mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-26 11:04:20 +00:00
forum and core: add access rights on search query
This commit is contained in:
parent
525b047b4f
commit
3fdb83c1c2
@ -2,6 +2,7 @@
|
|||||||
#
|
#
|
||||||
# Copyright 2016,2017
|
# Copyright 2016,2017
|
||||||
# - Skia <skia@libskia.so>
|
# - Skia <skia@libskia.so>
|
||||||
|
# - Sli <antoine@bartuccio.fr>
|
||||||
#
|
#
|
||||||
# Ce fichier fait partie du site de l'Association des Étudiants de l'UTBM,
|
# Ce fichier fait partie du site de l'Association des Étudiants de l'UTBM,
|
||||||
# http://ae.utbm.fr.
|
# http://ae.utbm.fr.
|
||||||
@ -42,6 +43,7 @@ from django.db.models import Count
|
|||||||
|
|
||||||
from core.models import Group
|
from core.models import Group
|
||||||
from core.views.forms import LoginForm
|
from core.views.forms import LoginForm
|
||||||
|
from haystack.query import SearchQuerySet
|
||||||
|
|
||||||
|
|
||||||
def forbidden(request):
|
def forbidden(request):
|
||||||
@ -176,6 +178,7 @@ class CanViewMixin(View):
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
def dispatch(self, request, *arg, **kwargs):
|
def dispatch(self, request, *arg, **kwargs):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self.object = self.get_object()
|
self.object = self.get_object()
|
||||||
if can_view(self.object, request.user):
|
if can_view(self.object, request.user):
|
||||||
@ -184,13 +187,24 @@ class CanViewMixin(View):
|
|||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
# If we get here, it's a ListView
|
# If we get here, it's a ListView
|
||||||
l_id = [o.id for o in self.get_queryset() if can_view(o, request.user)]
|
queryset = self.get_queryset()
|
||||||
if not l_id and self.get_queryset().count() != 0:
|
|
||||||
|
# Test if comes from a haystack query
|
||||||
|
if isinstance(queryset, SearchQuerySet):
|
||||||
|
l_id = [o.object.id for o in queryset if can_view(o.object, request.user)]
|
||||||
|
else:
|
||||||
|
l_id = [o.id for o in queryset if can_view(o, request.user)]
|
||||||
|
if not l_id and queryset.count() != 0:
|
||||||
raise PermissionDenied
|
raise PermissionDenied
|
||||||
self._get_queryset = self.get_queryset
|
self._get_queryset = self.get_queryset
|
||||||
|
|
||||||
def get_qs(self2):
|
def get_qs(self2):
|
||||||
return self2._get_queryset().filter(id__in=l_id)
|
q = self2._get_queryset()
|
||||||
|
# Test if comes from a haystack query
|
||||||
|
if isinstance(q, SearchQuerySet):
|
||||||
|
resp = [r.object for r in q if r.object.id in l_id]
|
||||||
|
return resp
|
||||||
|
return q.filter(id__in=l_id)
|
||||||
|
|
||||||
self.get_queryset = types.MethodType(get_qs, self)
|
self.get_queryset = types.MethodType(get_qs, self)
|
||||||
return super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
|
return super(CanViewMixin, self).dispatch(request, *arg, **kwargs)
|
||||||
|
@ -331,9 +331,9 @@ class ForumMessage(models.Model):
|
|||||||
return user.can_edit(self.topic.forum)
|
return user.can_edit(self.topic.forum)
|
||||||
|
|
||||||
def can_be_viewed_by(self, user):
|
def can_be_viewed_by(self, user):
|
||||||
return (
|
return not self._deleted and self.topic.can_be_viewed_by(
|
||||||
not self._deleted
|
user
|
||||||
) # No need to check the real rights since it's already done by the Topic view
|
) # Useful in search engine
|
||||||
|
|
||||||
def can_be_moderated_by(self, user):
|
def can_be_moderated_by(self, user):
|
||||||
return self.topic.forum.is_owned_by(user) or user.id == self.author.id
|
return self.topic.forum.is_owned_by(user) or user.id == self.author.id
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
#
|
#
|
||||||
# Copyright 2016,2017,2018
|
# Copyright 2016,2017,2018
|
||||||
# - Skia <skia@libskia.so>
|
# - Skia <skia@libskia.so>
|
||||||
|
# - Sli <antoine@bartuccio.fr>
|
||||||
#
|
#
|
||||||
# Ce fichier fait partie du site de l'Association des Étudiants de l'UTBM,
|
# Ce fichier fait partie du site de l'Association des Étudiants de l'UTBM,
|
||||||
# http://ae.utbm.fr.
|
# http://ae.utbm.fr.
|
||||||
@ -42,13 +43,13 @@ from forum.models import Forum, ForumMessage, ForumTopic, ForumMessageMeta
|
|||||||
from haystack.query import SearchQuerySet
|
from haystack.query import SearchQuerySet
|
||||||
|
|
||||||
|
|
||||||
class ForumSearchView(ListView):
|
class ForumSearchView(CanViewMixin, ListView):
|
||||||
template_name = "forum/search.jinja"
|
template_name = "forum/search.jinja"
|
||||||
|
|
||||||
def get_queryset(self):
|
def get_queryset(self):
|
||||||
query = self.request.GET.get("query", "")
|
query = self.request.GET.get("query", "")
|
||||||
q = SearchQuerySet().models(ForumMessage).autocomplete(auto=query)
|
return SearchQuerySet().models(ForumMessage).autocomplete(auto=query)
|
||||||
return [r.object for r in q]
|
# return [r.object for r in q]
|
||||||
|
|
||||||
|
|
||||||
class ForumMainView(ListView):
|
class ForumMainView(ListView):
|
||||||
|
Loading…
Reference in New Issue
Block a user