From 8c1f1ab3de88af1c5d3205c5bb6891095fc8502a Mon Sep 17 00:00:00 2001
From: Tanner Collin <git@tannercollin.com>
Date: Sat, 11 Jan 2020 04:20:07 +0000
Subject: [PATCH] Change search to POST and add sequence numbers

---
 apiserver/apiserver/api/serializers.py |  5 ++++-
 apiserver/apiserver/api/views.py       | 17 +++++++----------
 apiserver/apiserver/urls.py            |  2 +-
 webclient/src/Home.js                  |  2 +-
 webclient/src/Members.js               | 10 +++++-----
 webclient/src/Transactions.js          |  2 +-
 6 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/apiserver/apiserver/api/serializers.py b/apiserver/apiserver/api/serializers.py
index 17a924c..cead746 100644
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@@ -24,9 +24,12 @@ class UserSerializer(serializers.ModelSerializer):
 
 # member viewing member list or other member
 class OtherMemberSerializer(serializers.ModelSerializer):
+    q = serializers.CharField(write_only=True, max_length=64)
+    seq = serializers.IntegerField(write_only=True, )
+
     class Meta:
         model = models.Member
-        fields = ['preferred_name', 'last_name', 'status', 'current_start_date']
+        fields = ['q', 'seq', 'preferred_name', 'last_name', 'status', 'current_start_date']
 
 # member viewing himself
 class MemberSerializer(serializers.ModelSerializer):
diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index f5c6a62..20fe8d1 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -13,10 +13,6 @@ class AllowMetadata(permissions.BasePermission):
         return request.method in ['OPTIONS', 'HEAD']
 
 
-class UserViewSet(viewsets.ModelViewSet):
-    queryset = User.objects.all().order_by('-date_joined')
-    serializer_class = serializers.UserSerializer
-
 
 search_strings = {}
 def gen_search_strings():
@@ -33,17 +29,17 @@ def gen_search_strings():
     print('Generated search strings in {} s'.format(time.time() - start))
 gen_search_strings()
 
-class SearchViewSet(viewsets.ReadOnlyModelViewSet):
+class SearchViewSet(viewsets.ViewSet):
+    permission_classes = [AllowMetadata | permissions.IsAuthenticated]
     serializer_class = serializers.OtherMemberSerializer
 
     def get_queryset(self):
         NUM_SEARCH_RESULTS = 10
 
         queryset = models.Member.objects.all()
-        params = self.request.query_params
+        search = self.request.data.get('q', '').lower()
 
-        if 'q' in params and len(params['q']):
-            search = params['q'].lower()
+        if len(search):
             choices = search_strings.keys()
 
             # get exact starts with matches
@@ -68,9 +64,10 @@ class SearchViewSet(viewsets.ReadOnlyModelViewSet):
 
         return queryset
 
-    def list(self, request):
+    # must POST so query string doesn't change so preflight request is cached
+    def create(self, request):
         try:
-            seq = int(request.query_params.get('seq', 0))
+            seq = int(request.data.get('seq', 0))
         except ValueError:
             seq = 0
 
diff --git a/apiserver/apiserver/urls.py b/apiserver/apiserver/urls.py
index b876bdf..a70c513 100644
--- a/apiserver/apiserver/urls.py
+++ b/apiserver/apiserver/urls.py
@@ -6,7 +6,7 @@ from rest_framework import routers
 from .api import views
 
 router = routers.DefaultRouter()
-router.register(r'users', views.UserViewSet)
+#router.register(r'users', views.UserViewSet)
 router.register(r'members', views.MemberViewSet, basename='member')
 router.register(r'courses', views.CourseViewSet, basename='course')
 router.register(r'sessions', views.SessionViewSet, basename='session')
diff --git a/webclient/src/Home.js b/webclient/src/Home.js
index b99bd50..167ab1d 100644
--- a/webclient/src/Home.js
+++ b/webclient/src/Home.js
@@ -150,7 +150,7 @@ function MemberInfo(props) {
 							</Table.Row>
 						)
 					:
-						<p>None</p>
+						<Table.Row><Table.Cell>None</Table.Cell></Table.Row>
 					}
 				</Table.Body>
 			</Table>
diff --git a/webclient/src/Members.js b/webclient/src/Members.js
index 3742a5e..6884030 100644
--- a/webclient/src/Members.js
+++ b/webclient/src/Members.js
@@ -8,11 +8,11 @@ import { NotFound, PleaseLogin } from './Misc.js';
 
 export function Members(props) {
 	const [members, setMembers] = useState(false);
-	const [search, setSearch] = useState({t: 0, v: ''});
+	const [search, setSearch] = useState({seq: 0, q: ''});
 	const { token } = props;
 
 	useEffect(() => {
-		requester('/search/?seq='+search.t+'&q='+search.v, 'GET', '')
+		requester('/search/', 'POST', token, search)
 		.then(res => {
 			if (!members || res.seq > members.seq) {
 				setMembers(res);
@@ -30,12 +30,12 @@ export function Members(props) {
 			<Input autoFocus focus icon='search'
 				placeholder='Search...'
 				value={search.v}
-				onChange={(e, v) => setSearch({t: e.timeStamp, v: v.value})}
+				onChange={(e, v) => setSearch({seq: e.timeStamp, q: v.value})}
 				aria-label='search products'
 			/>
 
 			<Header size='medium'>
-				{search.length ? 'Search Results' : 'Recently Vetted'}
+				{search.q.length ? 'Search Results' : 'Recently Vetted'}
 			</Header>
 
 			{members ?
@@ -58,7 +58,7 @@ export function Members(props) {
 								</Table.Row>
 							)
 						:
-							<p>No Results</p>
+							<Table.Row><Table.Cell>No Results</Table.Cell></Table.Row>
 						}
 					</Table.Body>
 				</Table>
diff --git a/webclient/src/Transactions.js b/webclient/src/Transactions.js
index dd82143..e229a3c 100644
--- a/webclient/src/Transactions.js
+++ b/webclient/src/Transactions.js
@@ -36,7 +36,7 @@ export function Transactions(props) {
 							</Table.Row>
 						)
 					:
-						<p>None</p>
+						<Table.Row><Table.Cell>None</Table.Cell></Table.Row>
 					}
 				</Table.Body>
 			</Table>