forum and core: add access rights on search query

forum/models.py

@@ -331,9 +331,9 @@ class ForumMessage(models.Model):
         return user.can_edit(self.topic.forum)
 
     def can_be_viewed_by(self, user):
-        return (
-            not self._deleted
-        )  # No need to check the real rights since it's already done by the Topic view
+        return not self._deleted and self.topic.can_be_viewed_by(
+            user
+        )  # Useful in search engine
 
     def can_be_moderated_by(self, user):
         return self.topic.forum.is_owned_by(user) or user.id == self.author.id

forum/views.py

@@ -2,6 +2,7 @@
 #
 # Copyright 2016,2017,2018
 # - Skia <skia@libskia.so>
+# - Sli <antoine@bartuccio.fr>
 #
 # Ce fichier fait partie du site de l'Association des Étudiants de l'UTBM,
 # http://ae.utbm.fr.
@@ -42,13 +43,13 @@ from forum.models import Forum, ForumMessage, ForumTopic, ForumMessageMeta
 from haystack.query import SearchQuerySet
 
 
-class ForumSearchView(ListView):
+class ForumSearchView(CanViewMixin, ListView):
     template_name = "forum/search.jinja"
 
     def get_queryset(self):
         query = self.request.GET.get("query", "")
-        q = SearchQuerySet().models(ForumMessage).autocomplete(auto=query)
-        return [r.object for r in q]
+        return SearchQuerySet().models(ForumMessage).autocomplete(auto=query)
+        # return [r.object for r in q]
 
 
 class ForumMainView(ListView):