WPB-20214: Add member searchability

[eyeinsky]

Task checklist:

• add field searchable
• default value is True
• must only be changed from the new /users/:uid/searchable API endpoint and by team admin, and nowhere else
• add permission SetMemberSearchable
• must be exposed from user profile
• must be indexed by ES
• /search/contacts must filter based on searchable = True
• /teams/:tid/search must expose a filter to find non-searchable users; otherwise ignore it
• exact handle search via public endpoint must return 404
• calling HEAD should ignore the field: used to check whether handle is taken
• add documentation of searchable field behavior
• adds a test to check the above
• exact handle search via internal endpoint should ignore this property
  • if no such endpoint exists, it should be created

Open questions

• is the changed admin toggle API type ok? The task designates this as POST /users/:uid/searchable, but as TeamId is required, then it currently is POST /users/:uid/:tid/searchable -- could this be improved?
• POST /handles: should this endpoint also filter based on searchability?
• are there no other locations than /search/contacts to take searchability into account?
• should the test be moved into the integration package? (@battermann mentioned this -- are we moving tests there and hence, should this test also go there as well?)

Checklist

• Add a new entry in an appropriate subdirectory of changelog.d
• Read and follow the PR guidelines

[eyeinsky]

The below is now resolved.

---

The current error when running the test is this:

[[email protected]] E, IO Exception occurred, message=cql-io: protocol error: parse error: response body reading: Failed reading: column count: 24 =/= 26 Empty call stack , request=37d3c1fa-f1ee-4050-b623-e4c9c79e5584
[[email protected]] E, request=37d3c1fa-f1ee-4050-b623-e4c9c79e5584, code=500, label=server-error, "Server Error"
brig-integration: Assertions failed:
 1: 201 =/= 500

Response was:

Response {responseStatus = Status {statusCode = 500, statusMessage = "Internal Server Error"}, responseVersion = HTTP/1.1, responseHeaders = [("Transfer-Encoding","chunked"),("Date","Thu, 25 Sep 2025 09:00:01 GMT"),("Server","Warp/3.4.2"),("traceparent","00-96836cd3b1eedf0553338dde6b2d4b0c-1ced0252881c377c-01"),("tracestate",""),("Content-Encoding","gzip"),("Content-Type","application/json"),("Vary","Accept-Encoding")], responseBody = Just "{\"code\":500,\"label\":\"server-error\",\"message\":\"Internal Server Error\"}", responseCookieJar = CJ {expose = []}, responseClose' = ResponseClose, responseOriginalRequest = Request {
  host                 = "127.0.0.1"
  port                 = 8082
  secure               = False
  requestHeaders       = [("Content-Type","application/json")]
  path                 = "/i/users"
  queryString          = ""
  method               = "POST"
  proxy                = Nothing
  rawBody              = False
  redirectCount        = 10
  responseTimeout      = ResponseTimeoutDefault
  requestVersion       = HTTP/1.1
  proxySecureMode      = ProxySecureWithConnect
}
, responseEarlyHints = []}
CallStack (from HasCallStack):
  error, called at src/Bilge/Assert.hs:91:5 in bilge-0.22.0-inplace:Bilge.Assert
  <!!, called at test/integration/API/Team/Util.hs:140:9 in brig-2.0-inplace-brig-integration:API.Team.Util
  createUserWithTeam', called at test/integration/API/Team/Util.hs:89:21 in brig-2.0-inplace-brig-integration:API.Team.Util
  createPopulatedBindingTeamWithNames, called at test/integration/API/Team/Util.hs:68:25 in brig-2.0-inplace-brig-integration:API.Team.Util
  createPopulatedBindingTeamWithNamesAndHandles, called at test/integration/API/Search.hs:165:38 in brig-2.0-inplace-brig-integration:API.Search

From running this command: make c package=all && ./hack/bin/cabal-run-integration.sh brig -p '/testUserSearchable/'

[eyeinsky]

@akshaymankar Noting here what you asked about in the standup: the /search/contacts endpoint fetches the results from ES which is populated from Cassandra's user table. This has the searchable field, so filtering there is easy. The /team/:tid/members?searchable=false on the other hand gets its results from Cassandra's team_member table, which doesn't have a searchable field.. But since I need to return all non-searchable users from this table, then I think the current (pre-postgres) way to do it would be to get all rows from team_member and then filter that down to only non-searchable users by the help of users table. With large table this might costly to do. 🤔

When we had all data in postgres though, the query could entirely be done on the database side: join team_member with user, then filter by searchable.

[akshaymankar]

@eyeinsky I think we shouldn't support this query param on /teams/:tid/members endpoint, but rather on /teams/:tid/search endpoint. I just saw the ticket and it seems like I made a mistake in the name of this endpoint. Sorry about that 😞

[eyeinsky]

@akshaymankar I'm ready for another round of review!

[akshaymankar]

is the changed admin toggle API type ok? The task designates this as POST /users/:uid/searchable, but as TeamId is required, then it currently is POST /users/:uid/:tid/searchable -- could this be improved?

I think we can just lookup the team id of the targetted user and check whether the user who made the request is an admin of that team. We shouldn't need team id in the path.

POST /handles: should this endpoint also filter based on searchability?

No, we can expose the fact that his handle is taken as far as we don't tell who has this handle.

are there no other locations than /search/contacts to take searchability into account?

Yeah, this is the only location.

should the test be moved into the integration package? (@battermann mentioned this -- are we moving tests there and hence, should this test also go there as well?)

Ideally, yes. Sometimes we've been lazy, but the agreed upon rule was to move a test if you need to work on it and not to add more tests in the legacy test suites.

[akshaymankar]

As mentioned in earlier comment, we shouldn't need the TeamId in the path.

[akshaymankar]

Shouldn't this go to the HiddenPerm type?

[akshaymankar]

We should reduce these tests and perhaps add a test where this value is not Nothing.

[akshaymankar]

Why is this a Maybe?

[akshaymankar]

I'm refactoring these to record syntax whenever I come across them. Its a bit painful, but IMO its necessary to do this as we go.

[akshaymankar]

We should write this test in the new test suite.

[akshaymankar]

This looks like it should work with old users who don't have anything set in searchable, just to be sure did you test it?
If it does work we should write a comment explaining this double negation (mustNot and false)

[battermann]

This needs a release note explaining how the search index mapping has to be updated and how to avoid downtime, etc.

And there are some minor comments, looks good overall.

[battermann]

this should go into API.Brig

[battermann]

If u1' is not used later I would prefer to do the assertion in a bindResponse body, to reduce number of ticked variable names. Also you could assert like this: u1 %. "searchable" shouldMatch True (I think) which I find more readable.

[battermann]

The above applies to the following lines, too.

[battermann]

will it return only searchable members when true?

[battermann]

this seems unused, no?