Added warnings when requesting non-public fields via the search API with
accessRewriteDisabled (resolved #43).

Change-Id: I917415f242c1adf884bacb832fd7644cddaa6973
diff --git a/core/Changes b/core/Changes
index dcaf3dc..023b7f9 100644
--- a/core/Changes
+++ b/core/Changes
@@ -1,3 +1,8 @@
+# version 0.62.2
+13/11/2019
+   - Added warnings when requesting non-public fields via the search API with 
+     accessRewriteDisabled (margaretha, resolved #43).
+
 # version 0.62.1
 08/07/2019
    - Added support for public metadata response in search api (margaretha, 
diff --git a/core/pom.xml b/core/pom.xml
index bd89d6d..7bef3cd 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>de.ids_mannheim.korap</groupId>
 	<artifactId>Kustvakt-core</artifactId>
-	<version>0.62.1</version>
+	<version>0.62.2</version>
 
 	<properties>
 		<java.version>1.8</java.version>
@@ -240,7 +240,7 @@
 		<dependency>
 			<groupId>de.ids_mannheim.korap</groupId>
 			<artifactId>Koral</artifactId>
-			<version>[0.34,)</version>
+			<version>[0.35,)</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.eclipse.jetty</groupId>
diff --git a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
index 13694d3..f65165e 100644
--- a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
+++ b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
@@ -54,7 +54,7 @@
 
     // fixme: use unsupported resource and include type in return message
     public static final int POLICY_ERROR_DEFAULT = 400;
-
+    public static final int NON_PUBLIC_FIELD_IGNORED = 401;
     public static final int UNSUPPORTED_RESOURCE = 402;
     //    public static final int REWRITE_FAILED = 403;
     //public static final int UNSUPPORTED_FOUNDRY = 403;
diff --git a/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java b/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
index 638871b..3a04452 100644
--- a/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
+++ b/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
@@ -26,7 +26,6 @@
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.query.serialize.MetaQueryBuilder;
 import de.ids_mannheim.korap.query.serialize.QuerySerializer;
-import de.ids_mannheim.korap.rewrite.KoralNode;
 import de.ids_mannheim.korap.rewrite.RewriteHandler;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.user.User.CorpusAccess;
@@ -140,13 +139,16 @@
             corpusAccess = CorpusAccess.ALL;
             user.setCorpusAccess(CorpusAccess.ALL);
         }
-            
+        
         QuerySerializer serializer = new QuerySerializer();
         serializer.setQuery(q, ql, v);
         if (cq != null) serializer.setCollection(cq);
 
+        List<String> fieldList = convertFieldsToList(fields);
+        handleNonPublicFields(fieldList, accessRewriteDisabled, serializer);
+        
         MetaQueryBuilder meta = createMetaQuery(pageIndex, pageInteger, ctx,
-                pageLength, cutoff, corpusAccess, fields, accessRewriteDisabled);
+                pageLength, cutoff, corpusAccess, fieldList, accessRewriteDisabled);
         serializer.setMeta(meta.raw());
         
         // There is an error in query processing
@@ -173,9 +175,29 @@
 
     }
 
+    private void handleNonPublicFields (List<String> fieldList,
+            boolean accessRewriteDisabled, QuerySerializer serializer) {
+        List<String> nonPublicFields = new ArrayList<>(); 
+        nonPublicFields.add("snippet");
+        
+        List<String> ignoredFields = new ArrayList<>();
+        if (accessRewriteDisabled && !fieldList.isEmpty()) {
+            for (String field : fieldList) {
+                if (nonPublicFields.contains(field)) {
+                    ignoredFields.add(field);
+                }
+            }
+            if (!ignoredFields.isEmpty()) {
+                serializer.addWarning(StatusCodes.NON_PUBLIC_FIELD_IGNORED,
+                        "The requested non public fields are ignored",
+                        ignoredFields);
+            }
+        }
+    }
+    
     private MetaQueryBuilder createMetaQuery (Integer pageIndex,
             Integer pageInteger, String ctx, Integer pageLength,
-            Boolean cutoff, CorpusAccess corpusAccess, String fields,
+            Boolean cutoff, CorpusAccess corpusAccess, List<String> fieldList,
             boolean accessRewriteDisabled) {
         MetaQueryBuilder meta = new MetaQueryBuilder();
         meta.addEntry("startIndex", pageIndex);
@@ -197,20 +219,24 @@
             meta.addEntry("timeout", 90000);
         }
         
-        if (fields != null && !fields.isEmpty()){
-            List<String> fieldList = convertFieldsToList(fields);
+        if (fieldList != null && !fieldList.isEmpty()){
             meta.addEntry("fields", fieldList);
         }
         return meta;
     }
 
     private List<String> convertFieldsToList (String fields) {
-        String[] fieldArray = fields.split(",");
-        List<String> fieldList = new ArrayList<>(fieldArray.length);
-        for (String field :  fieldArray){
-            fieldList.add(field.trim());
+        if (fields != null && !fields.isEmpty()) {
+            String[] fieldArray = fields.split(",");
+            List<String> fieldList = new ArrayList<>(fieldArray.length);
+            for (String field : fieldArray) {
+                fieldList.add(field.trim());
+            }
+            return fieldList;
         }
-        return fieldList;
+        else {
+            return new ArrayList<>();
+        }
     }
     
     private String searchNeo4J (String query, int pageLength,