klmp200/Sith
1
0
Fork 0
mirror of https://github.com/ae-utbm/sith.git synced 2025-11-10 22:11:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

exclude hidden users from ajax search

Browse Source
This commit is contained in:
imperosol
2025-11-09 21:19:15 +01:00
parent cb6fe18916
commit 59d8d73c88
6 changed files with 55 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/api.py
View File

@@ -74,7 +74,7 @@ class MailingListController(ControllerBase):
class UserController(ControllerBase):
@route.get("", response=list[UserProfileSchema], permissions=[CanAccessLookup])
def fetch_profiles(self, pks: Query[set[int]]):
return User.objects.filter(pk__in=pks)
return User.objects.viewable_by(self.context.request.user).filter(pk__in=pks)
@route.get("/{int:user_id}", response=UserSchema, permissions=[CanView])
def fetch_user(self, user_id: int):
@@ -90,7 +90,9 @@ class UserController(ControllerBase):
@paginate(PageNumberPaginationExtra, page_size=20)
def search_users(self, filters: Query[UserFilterSchema]):
return filters.filter(
User.objects.order_by(F("last_login").desc(nulls_last=True))
User.objects.viewable_by(self.context.request.user).order_by(
F("last_login").desc(nulls_last=True)
)
)