def fulltext_search(request, query, limit):
# query index
index = get_index()
parser = QueryParser('value', index.schema)
with index.searcher() as searcher:
query = parser.parse(query)
results = searcher.search(query, limit=limit)
results = results_to_instances(request, results)
# helper for limit
def limited(res):
if limit is not None:
return res[:limit]
return res
# if authenticated, return all draft and published results
authenticated = bool(authenticated_userid(request))
if authenticated:
return limited(
[res for res in results if res.state in ['draft', 'published']])
# check for submitter
submitter = get_submitter(request)
if submitter:
return limited(
[res for res in results if res.state == 'published' or
(res.state == 'draft' and submitter == res.submitter)])
# return only public results
return limited([res for res in results if res.state == 'published'])
def json_references(model, request, search_references, limit,
extract_title=None):
term = request.params['q']
# authenticated gets all
authenticated = bool(authenticated_userid(request))
if authenticated:
records = search_references(request, term, limit=limit)
# anonymous gets published
else:
records = search_references(
request, term, state=['published'], limit=limit)
# additionally add by submitter
submitter = get_submitter(request)
if submitter:
records += search_references(
request, term, state=['draft'],
submitter=submitter, limit=limit)
# create and return result
result = list()
for record in records:
if extract_title is not None:
name = extract_title(record)
else:
name = record.title
result.append({
'id': str(record.uid),
'text': name,
})
return sorted(result, key=lambda x: x['text'])
def listable_children(self):
authenticated = authenticated_userid(self.request)
submitter = get_submitter(self.request)
if submitter and not authenticated:
def query(cls):
return session.query(cls.uid)\
.filter(cls.submitter == submitter).all()
else:
creator = authenticated
def query(cls):
return session.query(cls.uid)\
.filter(cls.creator == creator).all()
root = self.model.root
def fetch_node(container, uid):
return container[str(uid)]
nodes = list()
session = get_session(self.request)
attachments = root['attachments']
for record in query(AttachmentRecord):
nodes.append(fetch_node(attachments, record[0]))
facilities = root['facilities']
for record in query(FacilityRecord):
nodes.append(fetch_node(facilities, record[0]))
locations = root['locations']
for record in query(LocationRecord):
nodes.append(fetch_node(locations, record[0]))
occasions = root['occasions']
for record in query(OccasionRecord):
nodes.append(fetch_node(occasions, record[0]))
return nodes
def actions(self):
if self.is_backend:
return False
authenticated = bool(authenticated_userid(self.request))
if not authenticated and not get_submitter(self.request):
return False
return True
def prepare(_next, self):
submitter = get_submitter(self.request)
if not self.authenticated:
if not submitter:
raise Forbidden
if submitter != self.model.attrs['submitter']:
raise Forbidden
_next(self)
def show_note(self):
authenticated = authenticated_userid(self.request)
if authenticated:
return False
if self.model.state == 'published':
return False
submitter = get_submitter(self.request)
if not submitter or self.model.attrs['submitter'] != submitter:
return False
return True
def check_submitter_access(model, request):
authenticated = authenticated_userid(request)
if not authenticated:
submitter = get_submitter(request)
if model.attrs['state'] != 'published':
if not submitter:
raise Forbidden
if model.attrs['submitter'] != submitter:
raise Forbidden
if model.attrs['state'] != 'draft':
raise Forbidden
def can_edit(self):
authenticated = bool(authenticated_userid(self.request))
if not authenticated:
submitter = get_submitter(self.request)
if not submitter:
return False
if self.model.attrs['submitter'] != submitter:
return False
if self.model.attrs['state'] != 'draft':
return False
return True
def extract_locations(request, record, result):
cls = record.__class__
if cls is LocationRecord:
# check ignoring not authenticated
authenticated = bool(authenticated_userid(request))
if not authenticated and record.state != 'published':
submitter = get_submitter(request)
# no submitter, ignore
if not submitter:
return
# wrong submitter, ignore
if record.submitter != submitter:
return
# wrong state, ignore
if record.state != 'draft':
return
uid = str(record.uid)
query = make_query(**{UX_IDENT: UX_FRONTEND})
target = make_url(
request,
path=[value_containers[cls], uid],
query=query,
)
result[uid] = {
'value': value_extractors[cls](record),
'action': value_actions[cls],
'target': target,
'lat': record.lat,
'lon': record.lon,
'state': record.state,
}
elif cls is FacilityRecord:
for location in record.location:
extract_locations(request, location, result)
elif cls is OccasionRecord:
for location in record.location:
extract_locations(request, location, result)
for facility in record.facility:
extract_locations(request, facility, result)
elif cls is AttachmentRecord:
for location in record.location:
extract_locations(request, location, result)
for facility in record.facility:
extract_locations(request, facility, result)
for occasion in record.occasion:
extract_locations(request, occasion, result)
def visible_references(self):
records = list()
authenticated = bool(authenticated_userid(self.request))
submitter = get_submitter(self.request)
for record in self.reference_records:
# check ignoring not authenticated
if not authenticated and record.state != 'published':
# no submitter, continue
if not submitter:
continue
# wrong submitter, continue
if record.submitter != submitter:
continue
# wrong state, continue
if record.state != 'draft':
continue
records.append(record)
return records
def json_locations_in_bounds(model, request):
# bounds
north, south, west, east = (
request.params['n'],
request.params['s'],
request.params['w'],
request.params['e'],
)
# authenticated gets all locations
authenticated = bool(authenticated_userid(request))
if authenticated:
records = locations_in_bounds(request, north, south, west, east)
# anonymous gets published locations
else:
records = locations_in_bounds(
request, north, south, west, east, state=['published'])
# additionally add records by submitter
submitter = get_submitter(request)
if submitter:
records += locations_in_bounds(
request, north, south, west, east,
state=['draft'], submitter=submitter)
# create result
result = list()
for record in records:
uid = str(record.uid)
query = make_query(**{UX_IDENT: UX_FRONTEND})
target = make_url(
request,
path=[value_containers[LocationRecord], uid],
query=query,
)
result.append({
'value': value_extractors[LocationRecord](record),
'action': value_actions[LocationRecord],
'target': target,
'lat': record.lat,
'lon': record.lon,
'state': record.state,
})
return result
def __call__(self, model, request):
if not authenticated_userid(request):
if not get_submitter(request):
raise Forbidden
return super(SubmitterContentsTile, self).__call__(model, request)
def table_title(self):
authenticated = authenticated_userid(self.request)
if authenticated:
return authenticated
return get_submitter(self.request)
def prepare(_next, self):
submitter = get_submitter(self.request)
if not self.authenticated:
if not submitter:
raise Forbidden
_next(self)
def save(_next, self, widget, data):
if not self.authenticated:
submitter = get_submitter(self.request)
self.model.attrs['submitter'] = submitter
_next(self, widget, data)
