def _user_or_member_sqs(self, sqs, user, **kwargs):
"""
Filter the query set for user or members.
Here we check the existence of the fields to be tested,
and handle the queries that need to be directly pulled from db.
(status AND status_detail AND
(anon_view OR user_view OR member_view))
OR
(users_can_view__in user.pk)
OR
(groups_can_view__in user's groups)
user is a required argument since we'll be filtering by user.pk.
"""
groups = [g.pk for g in user.group_set.all()]
status_detail = kwargs.get('status_detail', 'active')
status = kwargs.get('status', True)
is_member = kwargs.get('is_member', True)
# allow_xxx and creator and owner fields to be checked
fields_ors_sq = None
fields_ors_sq_list = []
model_fiels = [field.name for field in self.model._meta.fields]
if 'allow_anonymous_view' in model_fiels:
fields_ors_sq_list.append(SQ(allow_anonymous_view=True))
if 'allow_user_view' in model_fiels:
fields_ors_sq_list.append(SQ(allow_user_view=True))
if is_member:
if 'allow_member_view' in model_fiels:
fields_ors_sq_list.append(SQ(allow_member_view=True))
if 'creator_username' in model_fiels:
fields_ors_sq_list.append(SQ(creator_username=user.username))
if 'owner_username' in model_fiels:
fields_ors_sq_list.append(SQ(owner_username=user.username))
for field_sq in fields_ors_sq_list:
if fields_ors_sq:
fields_ors_sq = fields_ors_sq | field_sq
else:
fields_ors_sq = field_sq
# status and status_detail if exist
status_d = {}
if 'status' in model_fiels:
status_d.update({'status': status})
if 'status_detail' in model_fiels:
status_d.update({'status_detail': status_detail})
if status_d:
status_q = SQ(**status_d)
else:
status_q = None
direct_db = kwargs.get('direct_db', 0)
# object permissions
if not direct_db:
group_perm_q = SQ(groups_can_view__in=groups)
# user is not being recorded in the ObjectPermission
#user_perm_q = SQ(users_can_view__in=[user.pk])
else:
# to pull directly from db, get a list of object_ids instead of groups
from tendenci.apps.perms.object_perms import ObjectPermission
app_label = self.model._meta.app_label
model_name = self.model.__name__
content_type = ContentType.objects.filter(app_label=app_label,
model=model_name)[:1]
codename = 'view_%s' % model_name
group_allowed_object_ids = ObjectPermission.objects.filter(
content_type=content_type[0],
codename=codename,
group__in=groups).values_list('id', flat=True)
group_perm_q = SQ(id__in=group_allowed_object_ids)
# user is not being recorded in the ObjectPermission
# so, commenting it out for now
# user_allowed_object_ids = ObjectPermission.objects.filter(
# content_type=content_type[0],
# codename=codename,
# user__in=[user]).values_list('id', flat=True)
group_perm_q = SQ(id__in=group_allowed_object_ids)
filters = None
if status_q or fields_ors_sq:
if status_q and fields_ors_sq:
filters = status_q & fields_ors_sq
elif status_q:
filters = status_q
else:
filters = fields_ors_sq
if groups:
if not filters:
filters = group_perm_q
else:
filters = filters | group_perm_q
if filters:
sqs = sqs.filter(filters)
return sqs
def exclude(self, *args, **kwargs):
"""Narrows the search by ensuring certain attributes are not included."""
clone = self._clone()
clone.query.add_filter(~SQ(*args, **kwargs))
return clone
def filter_and(self, *args, **kwargs):
"""Narrows the search by looking for (and including) certain attributes."""
clone = self._clone()
clone.query.add_filter(SQ(*args, **kwargs))
return clone
def filter_or(self, *args, **kwargs):
"""Narrows the search by ensuring certain attributes are not included."""
clone = self._clone()
clone.query.add_filter(SQ(*args, **kwargs), use_or=True)
return clone
def test_build_query(self):
self.bsq.add_filter(SQ(foo='bar'))
self.assertRaises(NotImplementedError, self.bsq.build_query)
def test_get_count(self):
self.bsq.add_filter(SQ(foo='bar'))
self.assertRaises(NotImplementedError, self.bsq.get_count)
def test_repr(self):
self.assertEqual(repr(SQ(foo='bar')), '<SQ: AND foo__exact=bar>')
self.assertEqual(repr(SQ(foo=1)), '<SQ: AND foo__exact=1>')
self.assertEqual(repr(SQ(foo=datetime.datetime(2009, 5, 12, 23, 17))),
'<SQ: AND foo__exact=2009-05-12 23:17:00>')
def filter_searchqueryset_for_read_access(sqs, user):
"""
Given a SearchQuerySet, this function adds a filter that limits the
result set to only include elements with read access.
"""
public_node = (
SQ(public__exact=True)
| # public on the object itself (applicable for groups)
SQ(mt_visibility__exact=BaseTagObject.VISIBILITY_ALL)
| # public via "everyone can see me" visibility meta attribute
SQ(
always_visible__exact=True
) # special marker for indexed objects that should always show up in search
)
if user.is_authenticated:
if check_user_superuser(user):
pass
else:
logged_in_user_visibility = (
SQ(user_visibility_mode__exact=True)
& # for UserProfile search index objects
SQ(
mt_visibility__exact=BaseTagObject.VISIBILITY_GROUP
) # logged in users can see users who are visible
)
my_item = (SQ(creator__exact=user.id))
visible_for_all_authenticated_users = (SQ(
visible_for_all_authenticated_users=True))
# FIXME: known problem: ``group_members`` is a stale indexed representation of the members
# of an items group. New members of a group won't be able to find old indexed items if the index
# is not refreshed regularly
group_visible_and_in_my_group = (
SQ(mt_visibility__exact=BaseTagObject.VISIBILITY_GROUP)
& SQ(group_members__contains=user.id))
ored_query = public_node | group_visible_and_in_my_group | my_item \
| logged_in_user_visibility | visible_for_all_authenticated_users
users_group_ids = get_cosinnus_group_model(
).objects.get_for_user_pks(user)
if users_group_ids:
group_member_user_visibility = (
SQ(user_visibility_mode__exact=True)
& # for UserProfile search index objects
SQ(mt_visibility__exact=BaseTagObject.VISIBILITY_USER)
& # team mambers can see this user
SQ(membership_groups__in=users_group_ids))
ored_query = ored_query | group_member_user_visibility
sqs = sqs.filter_and(ored_query)
else:
sqs = sqs.filter_and(public_node)
return sqs
def _boost_search_query(self, sqs):
q = self.cleaned_data['q']
sqs = sqs.filter(SQ(boosted=AutoQuery(q)) | SQ(text=AutoQuery(q)))
return sqs
