Add tenant isolation enforcement to Elasticsearch search queries in SearchService

[RUKAYAT-CODER]

Overview

src/search/search.service.ts builds Elasticsearch queries without consistently including a tenantId filter. In a multi-tenant deployment, a search for "javascript" could return courses from other tenants, leaking course titles, descriptions, and instructor information across tenant boundaries.

Specifications

Features:

• Every Elasticsearch query in SearchService must include a term filter on tenantId.

Tasks:

• Inject the current tenant context (TenancyService or request-scoped tenant ID) into SearchService.
• Add a helper buildTenantFilter(tenantId) that returns an Elasticsearch term query.
• Apply this filter as a must clause in every bool query.
• Add integration tests with two tenants verifying search results are isolated.

Impacted Files:

• src/search/search.service.ts

Acceptance Criteria

• Search results for Tenant A never include content from Tenant B.
• Integration test verifies isolation by populating both tenants and searching cross-boundary.
• Filter is applied even when no other query parameters are present.

[godwinishaku506-hub]

@godwinishaku506-hub has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I can handle this issue and will like to work on it, Please assign

ℹ️ Repo Maintainers: To accept this application, review their application or assign @godwinishaku506-hub to this issue.

[drips-wave]

Congratulations, @godwinishaku506-hub! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @godwinishaku506-hub: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊