PB-1635 Hide expired items in search

[asteiner-swisstopo]

This hides expired items in the /search endpoints. That this wasn't done already only became apparent when a bug prevented the cron job cron-delete-expired to clean up expired items properly, see PB-1575.

There are two search endpoints affected by this change:

1. GET /search: Simple filtering
2. POST /search: Advanced filtering in the payload.

We hide an item if has property "expires" set to a time in the past, so in principle the same as in these endpoints:

• GET /collections/{collectionId}/items: Fetch features
• GET /collections/{collectionId}/items/{featureId}: Fetch a single feature

To discuss:

1. There is a small difference to the Item endpoints. I first check if the field is defined and then compare timestamps, not vice versa:

   • Items endpoints: Q(properties_expires__gte=timezone.now()) | Q(properties_expires=None)
   • Search endpoints: Q(properties_expires=None) | Q(properties_expires__gte=timezone.now())

   I don't see why you would check for None only after... Is this a bug?

2. To check whether an expiry date is in the past, the reference time is the time at which the query is processed on our server. As storage and filtering is done on the same server, I don't see problems with time zones.

[adk-swisstopo]

I don't see why you would check for None only after... Is this a bug?

Why would the order matter?
That said, maybe there should be a common get_visible_items method that both endpoints call?

[adk-swisstopo]

While I think this looks good, I generally think it's nicer to guard this kind of behaviour change behind a flag we can control from an environment variable. This allows to roll back easily in case it causes a problem. See FEATURE_AUTH_ENABLE_APIGW for an example.