def es_proxy(request): user = request.user es_path = request.path.replace('/elastic', '') resource_requested = parse_request_path(es_path) # Allow access to the cluster _mapping and _nodes for kibana if resource_requested['cluster'] == True: if resource_requested['call'] not in ['_mapping', '_nodes']: raise PermissionDenied() request_method = requests.get # Allow access to _search by POST only else: if request.method not in ['POST', 'GET'] or resource_requested['call'] != '_search': raise PermissionDenied() request_method = requests.post r = request_method('http://localhost:9200%s' % es_path, data=request.body) if resource_requested['cluster']: content = r.content else: es_response = json.loads(r.content) if 'hits' in es_response.keys(): for index, record in enumerate(es_response['hits']['hits']): index_name = record['_type'] es_response['hits']['hits'][index]['_source'] = restrict_access(record['_source'], index_name, user) content = json.dumps(es_response) return HttpResponse(content, content_type="application/json")
def to_representation(self, obj): # Here we figure out if the user has access to this data object # through a data sharing agreement or since the object is permitted # to all users from globallometree.apps.data_sharing.data_tools import restrict_access record = super(LinkedModelSerializer, self).to_representation(obj) if 'request' in self.context.keys(): return restrict_access(record, self.elasticsearch_index_name, self.context['request'].user) else: return record