Exemple #1
def search_factory(self, search, query_parser=None):
    """Build the documents search and scope it to what the caller may see.

    :param search: Search instance.
    :param query_parser: Accepted but not used here; ``documents_query_parser``
        is always handed to the default factory.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search,
                                               documents_query_parser)

    # When this flag is truthy every filter below is skipped and the search
    # is returned unscoped.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    # The public/admin split depends only on whether the client sent `view`.
    organisation_view = request.args.get('view')

    if not organisation_view:
        # Admin listing: everyone except superusers is limited to the
        # current organisation.
        # NOTE(review): the hiddenFromPublic exclusion is not applied on this
        # path, and what current_user_record is for an unauthenticated request
        # is not visible here -- confirm anonymous callers are rejected before
        # this factory runs.
        if not current_user_record.is_superuser:
            organisation_pid = current_organisation['pid']
            search = search.filter('term', organisation__pid=organisation_pid)
        return (search, urlkwargs)

    # Public listing: a dedicated organisation view only shows that
    # organisation's records; the default view is not narrowed.
    default_view = current_app.config.get('SONAR_APP_DEFAULT_ORGANISATION')
    if organisation_view != default_view:
        search = search.filter('term', organisation__pid=organisation_view)

    # Records flagged as hidden never appear in public results.
    hidden_record = {'term': {'hiddenFromPublic': True}}
    search = search.filter('bool', must_not=hidden_record)

    return (search, urlkwargs)
Exemple #2
def search_factory(self, search, query_parser=None):
    """Build the project search and scope it by the current user's role.

    :param search: Search instance.
    :param query_parser: Accepted but not used by this function.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # When this flag is truthy every filter below is skipped; superusers are
    # likewise left unfiltered.
    if (current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS')
            or current_user_record.is_superuser):
        return (search, urlkwargs)

    # Moderators are limited to their organisation. The same organisation
    # scope is used for typeahead calls, recognised by the `q` prefix.
    # NOTE(review): the typeahead test relies only on a client-supplied `q`
    # prefix, so any caller reaching this point can select the
    # organisation-wide scope instead of the per-user one -- confirm that is
    # intended (the original TODO asks for a better mechanism).
    # NOTE(review): the original comment says "admin and moderator" but only
    # is_moderator is tested; presumably it also holds for admins -- confirm.
    organisation_scoped = current_user_record.is_moderator
    if not organisation_scoped:
        query = request.args.get('q')
        organisation_scoped = bool(query) and query.startswith(
            'autocomplete_name')

    if organisation_scoped:
        organisation_pid = current_organisation['pid']
        return (search.filter('term', organisation__pid=organisation_pid),
                urlkwargs)

    # Submitters only see the records they own.
    # NOTE(review): a user matching none of the role checks leaves here with
    # no ownership filter -- confirm that case is rejected upstream.
    if current_user_record.is_submitter:
        owner_pid = current_user_record['pid']
        search = search.filter('term', user__pid=owner_pid)

    return (search, urlkwargs)
Exemple #3
def search_factory(self, search, query_parser=None):
    """Build the deposit search and scope it by the current user's role.

    :param search: Search instance.
    :param query_parser: Accepted but not used by this function.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # No filtering when the permission checks are switched off in the
    # configuration, nor for superusers.
    checks_disabled = current_app.config.get(
        'SONAR_APP_DISABLE_PERMISSION_CHECKS')
    if checks_disabled or current_user_record.is_superuser:
        return (search, urlkwargs)

    if current_user_record.is_admin or current_user_record.is_moderator:
        # Admins and moderators: deposits whose owner belongs to the current
        # organisation.
        organisation_pid = current_organisation['pid']
        search = search.filter('term',
                               user__organisation__pid=organisation_pid)
    elif current_user_record.is_submitter:
        # Submitters: only their own deposits.
        search = search.filter('term', user__pid=current_user_record['pid'])
    # NOTE(review): a user matching none of the roles above gets the search
    # back without any ownership filter -- confirm that case is rejected
    # upstream.

    return (search, urlkwargs)
Exemple #4
def search_factory(self, search, query_parser=None):
    """Build the organisation search, limited to the caller's organisation.

    :param search: Search instance.
    :param query_parser: Accepted but not used by this function.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # The search stays unfiltered when permission checks are disabled in the
    # configuration or when the caller is a superuser.
    unrestricted = (
        current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS')
        or current_user_record.is_superuser)

    if not unrestricted:
        # Every other caller only sees the organisation whose `code` equals
        # the pid of the current organisation.
        search = search.filter('term', code=current_organisation['pid'])

    return (search, urlkwargs)
Exemple #5
def search_factory(self, search, query_parser=None):
    """Build the deposit search, scoped by role, organisation and subdivision.

    :param search: Search instance.
    :param query_parser: Accepted but not used by this function.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # When this flag is truthy every filter below is skipped.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    user = current_user_record

    # Superusers see every deposit.
    if user.is_superuser:
        return (search, urlkwargs)

    if not (user.is_admin or user.is_moderator):
        # Submitters only see the deposits they own.
        # NOTE(review): a user matching none of the role checks leaves here
        # with no ownership filter -- confirm that case is rejected upstream.
        if user.is_submitter:
            search = search.filter('term', user__pid=user['pid'])
        return (search, urlkwargs)

    # Admins and moderators: deposits whose owner belongs to the current
    # organisation.
    organisation_pid = current_organisation['pid']
    search = search.filter('term', user__organisation__pid=organisation_pid)

    # A moderator (not admin) attached to a subdivision is narrowed further
    # to deposits of that subdivision or deposits they own themselves.
    if not user.is_admin and user.is_moderator and user.get('subdivision'):
        # replace_refs() is called so that the subdivision pid can be read
        # from the record.
        user = user.replace_refs()
        subdivision_or_own = [
            Q('term', user__subdivision__pid=user['subdivision']['pid']),
            Q('term', user__pid=user['pid']),
        ]
        search = search.filter('bool', should=subdivision_or_own)

    return (search, urlkwargs)
Exemple #6
def search_factory(self, search):
    """Build the search, limited to records of the caller's organisation.

    :param Search search: Search instance
    :return: Tuple with search instance and URL arguments
    :rtype: tuple
    """
    search, urlkwargs = default_search_factory(self, search)

    # The search stays unfiltered when permission checks are disabled in the
    # configuration or when the caller is a superuser.
    unrestricted = (
        current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS')
        or current_user_record.is_superuser)

    if not unrestricted:
        # Every other caller is limited to the current organisation.
        organisation_pid = current_organisation['pid']
        search = search.filter('term', organisation__pid=organisation_pid)

    return (search, urlkwargs)
Exemple #7
def search_factory(self, search, query_parser=None):
    """Build the user search and scope it by the current user's role.

    :param search: Search instance.
    :param query_parser: Accepted but not used by this function.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # When this flag is truthy every filter below is skipped.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    # E-mail existence lookup, open to every caller: no role filter is
    # applied, but the returned source is reduced to the `pid` field.
    # NOTE(review): only the 'email:' prefix of `q` is tested here; the rest
    # of the query is not constrained, and this branch runs before any role
    # or organisation filter -- confirm that exposing hits and pids across
    # all users is the intended behaviour.
    query = urlkwargs.get('q')
    if query and query.startswith('email:'):
        return (search.source(includes=['pid']), urlkwargs)

    # Superusers can list every user record.
    if current_user_record.is_superuser:
        return (search, urlkwargs)

    # Everyone who is not an admin can only list their own record.
    if not current_user_record.is_admin:
        own_pid = current_user_record['pid']
        return (search.filter('term', pid=own_pid), urlkwargs)

    # Admins: users of their organisation plus users without any
    # organisation, never superuser records.
    in_organisation = Q('term', organisation__pid=current_organisation['pid'])
    without_organisation = Q('bool',
                             must_not={'exists': {
                                 'field': 'organisation'
                             }})
    superuser_role = {'term': {'role': 'superuser'}}
    search = search.filter('bool',
                           filter=in_organisation | without_organisation)
    search = search.filter('bool', must_not=superuser_role)

    return (search, urlkwargs)
Exemple #8
def search_factory(self, search, query_parser=None):
    """Build the documents search, applying masking and organisation scope.

    :param search: Search instance.
    :param query_parser: Accepted but not used here; ``documents_query_parser``
        is always handed to the default factory.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search,
                                               documents_query_parser)

    # When this flag is truthy every filter below is skipped and the search
    # is returned unscoped.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    # The public/admin split depends only on whether the client sent `view`.
    organisation_view = request.args.get('view')

    if not organisation_view:
        # Admin listing: everyone except superusers is limited to the
        # current organisation.
        # NOTE(review): the masking filter is not applied on this path, and
        # what current_user_record is for an unauthenticated request is not
        # visible here -- confirm anonymous callers are rejected before this
        # factory runs.
        if not current_user_record.is_superuser:
            organisation_pid = current_organisation['pid']
            search = search.filter('term', organisation__pid=organisation_pid)
        return (search, urlkwargs)

    # Public listing. A record is shown when one of three clauses matches:
    # it has no `masked` field at all, ...
    never_masked = {
        'bool': {
            'must_not': [{
                'exists': {
                    'field': 'masked'
                }
            }]
        }
    }
    # ... it is explicitly marked as not masked, ...
    explicitly_unmasked = {
        'bool': {
            'filter': [{
                'term': {
                    'masked': 'not_masked'
                }
            }]
        }
    }
    # ... or it is masked for external IPs only and the value returned by
    # get_current_ip() is one of the organisation's IPs.
    # NOTE(review): get_current_ip() is defined elsewhere; if it derives the
    # address from client-supplied forwarding headers this clause is only as
    # strong as the proxy configuration -- confirm.
    visible_from_organisation_ip = {
        'bool': {
            'must': [{
                'term': {
                    'masked': 'masked_for_external_ips'
                }
            }, {
                'term': {
                    'organisation.ips': get_current_ip()
                }
            }]
        }
    }
    search = search.filter('bool',
                           should=[
                               never_masked,
                               explicitly_unmasked,
                               visible_from_organisation_ip,
                           ])

    # A dedicated organisation view only shows that organisation's records;
    # the default view is not narrowed.
    default_view = current_app.config.get('SONAR_APP_DEFAULT_ORGANISATION')
    if organisation_view != default_view:
        search = search.filter('term', organisation__pid=organisation_view)

    # Optional narrowing to a single collection.
    collection_view = request.args.get('collection_view')
    if collection_view:
        search = search.filter('term', collections__pid=collection_view)

    return (search, urlkwargs)