API: add project name/slug filters

[agjohnson]

I am trying to use the project API for some search and dropdown filters,
and while I can filter the local results, it's much nicer to use the API
filter for this.

This adds an icontains filter field for project name and slug, and
hopefully some accurate tests.

---

📚 Documentation previews 📚

• User's documentation (docs): https://docs--9843.org.readthedocs.build/en/9843/

• Developer's documentation (dev): https://dev--9843.org.readthedocs.build/en/9843/

[humitos]

I think this is fine as long as we use this filter only over the projects the user is owner/maintainer. Otherwise, it will kill our servers.

[agjohnson]

I think this is fine as long as we use this filter only over the projects the user is owner/maintainer. Otherwise, it will kill our servers.

This is a great point, I hadn't thought of that. The intention is to only use this param to filter owner/user projects. However, if we are still allowing public project listing search, someone could abuse this query.

If you have any thoughts on how to secure this more, this might be a good place for you to jump in on this. Seems we could probably truncate the queryset or validate the request somehow, if we're concerned about querying all projects with this.

[agjohnson]

Dev docs failure isn't related to this change.

[humitos]

This is a great point, I hadn't thought of that. The intention is to only use this param to filter owner/user projects. However, if we are still allowing public project listing search, someone could abuse this query.

I think we are fine:

readthedocs.org/readthedocs/api/v3/permissions.py

Lines 25 to 26 in d8f5282

	* Always give permission for a ``detail`` request
	* Only give permission for ``listing`` request if user is admin of the project

We allow details on all the objects and listing only over the objects the user has access to.

[benjaoming]

LGTM, perhaps when the print statement is removed, this can go in?

[humitos]

This is ready to merge 💯