def search_factory(self, search, query_parser=None):
    """Build the search used to list documents.

    A request carrying a ``view`` URL argument is handled as a public
    search: results are limited to that organisation (unless ``view`` is the
    configured default organisation) and records flagged
    ``hiddenFromPublic`` are excluded. A request without ``view`` is handled
    as an admin search, where non-superusers only see records of their own
    organisation.

    :param search: Search instance.
    :param query_parser: Url arguments. Not read here; the documents query
        parser is always handed to the default factory.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search,
                                               documents_query_parser)

    # When this flag is set, none of the filters below are applied.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    # The branch is chosen only by the presence of the caller-supplied
    # `view` argument, so the public branch must never return anything that
    # is not meant to be public.
    organisation_view = request.args.get('view')

    if not organisation_view:
        # Admin search: superusers see everything, everybody else is
        # limited to the organisation of the current user.
        # NOTE(review): current_user_record and current_organisation are
        # dereferenced without a None check; presumably a permission check
        # upstream guarantees an authenticated user with an organisation
        # here. Confirm against the caller.
        if current_user_record.is_superuser:
            return (search, urlkwargs)

        restricted = search.filter(
            'term', organisation__pid=current_organisation['pid'])
        return (restricted, urlkwargs)

    # Public search: the default organisation view is not narrowed to a
    # single organisation.
    default_organisation = current_app.config.get(
        'SONAR_APP_DEFAULT_ORGANISATION')
    if organisation_view != default_organisation:
        search = search.filter('term', organisation__pid=organisation_view)

    # Don't display records flagged as hidden.
    hidden_record = {'term': {'hiddenFromPublic': True}}
    search = search.filter('bool', must_not=hidden_record)

    return (search, urlkwargs)
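def search_factory(self, search, query_parser=None):
    """Project search factory.

    Narrows the project search to what the current user may list:
    superusers get every record, moderators (and typeahead calls) get the
    records of their organisation, and every other user only gets the
    records they own.

    :param search: Search instance.
    :param query_parser: Url arguments. Not read here.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # When this flag is set, none of the filters below are applied.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    # For superusers, records are not filtered.
    if current_user_record.is_superuser:
        return (search, urlkwargs)

    # For moderators, only records that belong to their organisation.
    # The same rule is applied when searching project in typeahead input.
    # NOTE(review): the typeahead case is recognised only by the prefix of
    # the caller-supplied `q` argument, so the organisation-wide scope is
    # granted on request input rather than on role. Kept for the typeahead;
    # an explicit role check or a dedicated endpoint would be safer.
    # TODO: Find a better way for handling typeahead calls..
    query = request.args.get('q')
    is_typeahead = bool(query) and query.startswith('autocomplete_name')
    if current_user_record.is_moderator or is_typeahead:
        search = search.filter('term',
                               organisation__pid=current_organisation['pid'])
        return (search, urlkwargs)

    # Fail closed: submitters, and any role not matched above, only get the
    # records that belong to them. Previously a user who was not a
    # submitter fell through to the unfiltered search.
    search = search.filter('term', user__pid=current_user_record['pid'])

    return (search, urlkwargs)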
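def search_factory(self, search, query_parser=None):
    """Deposit search factory.

    Narrows the deposit search to what the current user may list:
    superusers get every record, admins and moderators get the deposits of
    users in their organisation, and every other user only gets their own
    deposits.

    :param search: Search instance.
    :param query_parser: Url arguments. Not read here.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # When this flag is set, none of the filters below are applied.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    # For superusers, records are not filtered.
    if current_user_record.is_superuser:
        return (search, urlkwargs)

    # For admin and moderator, only records that belong to their
    # organisation.
    if current_user_record.is_admin or current_user_record.is_moderator:
        search = search.filter(
            'term', user__organisation__pid=current_organisation['pid'])
        return (search, urlkwargs)

    # Fail closed: submitters, and any role not matched above, only get the
    # deposits that belong to them. Previously a user who was not a
    # submitter fell through to the unfiltered search.
    search = search.filter('term', user__pid=current_user_record['pid'])

    return (search, urlkwargs)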
def search_factory(self, search, query_parser=None):
    """Organisation search factory.

    Superusers get the unfiltered search; every other user only gets the
    organisation whose ``code`` equals the pid of their current
    organisation.

    :param search: Search instance.
    :param query_parser: Url arguments. Not read here.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # When the flag is set, the organisation filter below is not applied.
    # The superuser test is only reached when the flag is off.
    checks_disabled = current_app.config.get(
        'SONAR_APP_DISABLE_PERMISSION_CHECKS')
    if checks_disabled or current_user_record.is_superuser:
        return (search, urlkwargs)

    # Default for all remaining users: only their own organisation.
    # NOTE(review): current_organisation is subscripted without a None
    # check; presumably every non-superuser reaching this point has an
    # organisation. Confirm against the caller.
    own_organisation = search.filter('term', code=current_organisation['pid'])

    return (own_organisation, urlkwargs)
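def search_factory(self, search, query_parser=None):
    """Deposit search factory.

    Narrows the deposit search to what the current user may list:
    superusers get every record; admins and moderators get the deposits of
    users in their organisation, moderators attached to a subdivision being
    further limited to that subdivision or their own deposits; every other
    user only gets their own deposits.

    :param search: Search instance.
    :param query_parser: Url arguments. Not read here.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # When this flag is set, none of the filters below are applied.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    user = current_user_record

    # For superusers, records are not filtered.
    if user.is_superuser:
        return (search, urlkwargs)

    # For admin and moderator, only records that belong to their
    # organisation.
    if user.is_admin or user.is_moderator:
        search = search.filter(
            'term', user__organisation__pid=current_organisation['pid'])

        # For moderators having a subdivision, records are filtered by
        # subdivision or by owned deposits. This filter is added on top of
        # the organisation filter above.
        if not user.is_admin and user.is_moderator and user.get(
                'subdivision'):
            # References are replaced so that user['subdivision']['pid'] can
            # be read below.
            user = user.replace_refs()
            search = search.filter(
                'bool',
                should=[
                    Q('term',
                      user__subdivision__pid=user['subdivision']['pid']),
                    Q('term', user__pid=user['pid'])
                ])

        return (search, urlkwargs)

    # Fail closed: submitters, and any role not matched above, only get the
    # deposits that belong to them. Previously a user who was not a
    # submitter fell through to the unfiltered search.
    search = search.filter('term', user__pid=user['pid'])

    return (search, urlkwargs)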
def search_factory(self, search):
    """Search factory.

    Superusers get the unfiltered search; every other user only gets the
    records attached to their current organisation.

    :param Search search: Search instance
    :return: Tuple with search instance and URL arguments
    :rtype: tuple
    """
    search, urlkwargs = default_search_factory(self, search)

    # When the flag is set, the organisation filter below is not applied.
    # The superuser test is only reached when the flag is off.
    checks_disabled = current_app.config.get(
        'SONAR_APP_DISABLE_PERMISSION_CHECKS')
    if checks_disabled or current_user_record.is_superuser:
        return (search, urlkwargs)

    # Default for all remaining users: records of their own organisation.
    # NOTE(review): current_organisation is subscripted without a None
    # check; presumably every non-superuser reaching this point has an
    # organisation. Confirm against the caller.
    own_records = search.filter('term',
                                organisation__pid=current_organisation['pid'])

    return (own_records, urlkwargs)
def search_factory(self, search, query_parser=None):
    """User search factory.

    Any caller may run a query starting with ``email:``, in which case only
    the ``pid`` field is returned. Otherwise superusers list every user,
    admins list the users of their organisation plus users without an
    organisation (never superusers), and all remaining users can only list
    themselves.

    :param search: Search instance.
    :param query_parser: Url arguments. Not read here.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search)

    # When this flag is set, none of the filters below are applied.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    # Searching for existing email, everybody can do that. Only the pid is
    # included in the returned source.
    # NOTE(review): this branch runs before any role check and only looks at
    # the prefix of `q`, so it discloses whether an account exists for a
    # given address. Whether the rest of `q` can reference other fields
    # depends on the query parser behind default_search_factory; confirm,
    # and consider accepting a single email term only.
    query = urlkwargs.get('q')
    if query and query.startswith('email:'):
        pid_only = search.source(includes=['pid'])
        return (pid_only, urlkwargs)

    # Super users can list all records.
    if current_user_record.is_superuser:
        return (search, urlkwargs)

    # For admins, records are filtered by user's organisation and they
    # cannot get superuser records.
    if current_user_record.is_admin:
        in_own_organisation = Q(
            'term', organisation__pid=current_organisation['pid'])
        without_organisation = Q(
            'bool', must_not={'exists': {'field': 'organisation'}})

        search = search.filter(
            'bool', filter=in_own_organisation | without_organisation)
        search = search.filter(
            'bool', must_not={'term': {'role': 'superuser'}})

        return (search, urlkwargs)

    # Default for the remaining roles: they can only list themselves.
    own_record = search.filter('term', pid=current_user_record['pid'])

    return (own_record, urlkwargs)
def search_factory(self, search, query_parser=None):
    """Build the search used to list documents.

    A request carrying a ``view`` URL argument is handled as a public
    search: masked records are excluded, results are limited to that
    organisation (unless ``view`` is the configured default organisation)
    and, when ``collection_view`` is given, to that collection. A request
    without ``view`` is handled as an admin search, where non-superusers
    only see records of their own organisation.

    :param search: Search instance.
    :param query_parser: Url arguments. Not read here; the documents query
        parser is always handed to the default factory.
    :returns: Tuple with search instance and URL arguments.
    """
    search, urlkwargs = default_search_factory(self, search,
                                               documents_query_parser)

    # When this flag is set, none of the filters below are applied.
    if current_app.config.get('SONAR_APP_DISABLE_PERMISSION_CHECKS'):
        return (search, urlkwargs)

    # The branch is chosen only by the presence of the caller-supplied
    # `view` argument, so the public branch must never return anything that
    # is not meant to be public.
    organisation_view = request.args.get('view')

    if not organisation_view:
        # Admin search: superusers see everything, everybody else is
        # limited to the organisation of the current user.
        # NOTE(review): current_user_record and current_organisation are
        # dereferenced without a None check; presumably a permission check
        # upstream guarantees an authenticated user with an organisation
        # here. Confirm against the caller.
        if current_user_record.is_superuser:
            return (search, urlkwargs)

        restricted = search.filter(
            'term', organisation__pid=current_organisation['pid'])
        return (restricted, urlkwargs)

    # Public search. Don't display masked records: a record is kept when at
    # least one of the three clauses below matches.
    no_masked_field = {
        'bool': {'must_not': [{'exists': {'field': 'masked'}}]}
    }
    explicitly_not_masked = {
        'bool': {'filter': [{'term': {'masked': 'not_masked'}}]}
    }
    # NOTE(review): this clause unmasks records based on the requester's
    # address, so it is only as trustworthy as get_current_ip(). Confirm
    # that helper does not take a client-supplied forwarding header at face
    # value.
    masked_but_from_organisation_ip = {
        'bool': {
            'must': [
                {'term': {'masked': 'masked_for_external_ips'}},
                {'term': {'organisation.ips': get_current_ip()}},
            ]
        }
    }
    search = search.filter('bool', should=[
        no_masked_field,
        explicitly_not_masked,
        masked_but_from_organisation_ip,
    ])

    # Filter record by organisation view; the default organisation view is
    # not narrowed to a single organisation.
    default_organisation = current_app.config.get(
        'SONAR_APP_DEFAULT_ORGANISATION')
    if organisation_view != default_organisation:
        search = search.filter('term', organisation__pid=organisation_view)

    # Filter collection.
    collection_view = request.args.get('collection_view')
    if collection_view:
        search = search.filter('term', collections__pid=collection_view)

    return (search, urlkwargs)