mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-22 22:23:23 +00:00
forum and core: add a dedicated mixin to exclude unauthorized search results
This commit is contained in:
parent
3fdb83c1c2
commit
076b10e325
@ -189,27 +189,41 @@ class CanViewMixin(View):
|
|||||||
# If we get here, it's a ListView
|
# If we get here, it's a ListView
|
||||||
queryset = self.get_queryset()
|
queryset = self.get_queryset()
|
||||||
|
|
||||||
# Test if comes from a haystack query
|
|
||||||
if isinstance(queryset, SearchQuerySet):
|
|
||||||
l_id = [o.object.id for o in queryset if can_view(o.object, request.user)]
|
|
||||||
else:
|
|
||||||
l_id = [o.id for o in queryset if can_view(o, request.user)]
|
l_id = [o.id for o in queryset if can_view(o, request.user)]
|
||||||
if not l_id and queryset.count() != 0:
|
if not l_id and queryset.count() != 0:
|
||||||
raise PermissionDenied
|
raise PermissionDenied
|
||||||
self._get_queryset = self.get_queryset
|
self._get_queryset = self.get_queryset
|
||||||
|
|
||||||
def get_qs(self2):
|
def get_qs(self2):
|
||||||
q = self2._get_queryset()
|
return self._get_queryset().filter(id__in=l_id)
|
||||||
# Test if comes from a haystack query
|
|
||||||
if isinstance(q, SearchQuerySet):
|
|
||||||
resp = [r.object for r in q if r.object.id in l_id]
|
|
||||||
return resp
|
|
||||||
return q.filter(id__in=l_id)
|
|
||||||
|
|
||||||
self.get_queryset = types.MethodType(get_qs, self)
|
self.get_queryset = types.MethodType(get_qs, self)
|
||||||
return super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
|
return super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
|
class CanViewSearchMixin(View):
|
||||||
|
"""
|
||||||
|
This view removes all forbidden content from a SearchQuerySet
|
||||||
|
"""
|
||||||
|
|
||||||
|
def dispatch(self, request, *arg, **kwargs):
|
||||||
|
|
||||||
|
queryset = self.get_queryset()
|
||||||
|
excluded = [
|
||||||
|
o.object.id for o in queryset if not can_view(o.object, request.user)
|
||||||
|
]
|
||||||
|
|
||||||
|
self._queryset = queryset
|
||||||
|
|
||||||
|
def get_qs(self2):
|
||||||
|
q = self2._queryset.exclude(id__in=excluded)
|
||||||
|
resp = [r.object for r in q]
|
||||||
|
return resp
|
||||||
|
|
||||||
|
self.get_queryset = types.MethodType(get_qs, self)
|
||||||
|
return super(CanViewSearchMixin, self).dispatch(request, *arg, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
class FormerSubscriberMixin(View):
|
class FormerSubscriberMixin(View):
|
||||||
"""
|
"""
|
||||||
This view check if the user was at least an old subscriber
|
This view check if the user was at least an old subscriber
|
||||||
|
@ -37,19 +37,24 @@ from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
|
|||||||
|
|
||||||
from ajax_select import make_ajax_field
|
from ajax_select import make_ajax_field
|
||||||
|
|
||||||
from core.views import CanViewMixin, CanEditMixin, CanEditPropMixin, CanCreateMixin
|
from core.views import (
|
||||||
|
CanViewMixin,
|
||||||
|
CanEditMixin,
|
||||||
|
CanEditPropMixin,
|
||||||
|
CanCreateMixin,
|
||||||
|
CanViewSearchMixin,
|
||||||
|
)
|
||||||
from core.views.forms import MarkdownInput
|
from core.views.forms import MarkdownInput
|
||||||
from forum.models import Forum, ForumMessage, ForumTopic, ForumMessageMeta
|
from forum.models import Forum, ForumMessage, ForumTopic, ForumMessageMeta
|
||||||
from haystack.query import SearchQuerySet
|
from haystack.query import SearchQuerySet
|
||||||
|
|
||||||
|
|
||||||
class ForumSearchView(CanViewMixin, ListView):
|
class ForumSearchView(CanViewSearchMixin, ListView):
|
||||||
template_name = "forum/search.jinja"
|
template_name = "forum/search.jinja"
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
query = self.request.GET.get("query", "")
|
query = self.request.GET.get("query", "")
|
||||||
return SearchQuerySet().models(ForumMessage).autocomplete(auto=query)
|
return SearchQuerySet().models(ForumMessage).autocomplete(auto=query)
|
||||||
# return [r.object for r in q]
|
|
||||||
|
|
||||||
|
|
||||||
class ForumMainView(ListView):
|
class ForumMainView(ListView):
|
||||||
|
Loading…
Reference in New Issue
Block a user