Improve drilldown handlers and implement index permissions

2 years ago · 0e7fb8d261
parent 6dd0674aae
commit 0e7fb8d261
4 changed files with 44 additions and 54 deletions
--- a/core/lib/opensearch.py
+++ b/core/lib/opensearch.py
@ -392,19 +392,27 @@ def query_results(
        if index == "main":
            index = settings.OPENSEARCH_INDEX_MAIN
        else:
-            if request.user.is_superuser:
-                if index == "meta":
-                    index = settings.OPENSEARCH_INDEX_META
-                elif index == "int":
-                    index = settings.OPENSEARCH_INDEX_INT
-                else:
-                    message = "Index is not valid."
-                    message_class = "danger"
-                    return {"message": message, "class": message_class}
-            else:
+            if not request.user.has_perm(f"index_{index}"):
                message = "Not permitted to search by this index"
                message_class = "danger"
-                return {"message": message, "class": message_class}
+                return {
+                    "message": message,
+                    "class": message_class,
+                    "params": query_params,
+                }
+            if index == "meta":
+                index = settings.OPENSEARCH_INDEX_META
+            elif index == "int":
+                index = settings.OPENSEARCH_INDEX_INT
+            else:
+                message = "Index is not valid."
+                message_class = "danger"
+                return {
+                    "message": message,
+                    "class": message_class,
+                    "params": query_params,
+                }
+
    else:
        index = settings.OPENSEARCH_INDEX_MAIN

--- a/core/models.py
+++ b/core/models.py
@ -113,4 +113,6 @@ class Perms(models.Model):
            ("post_irc", "Can post to IRC"),
            ("post_discord", "Can post to Discord"),
            ("query_search", "Can search with query strings"),
+            ("index_int", "Can use the internal index"),
+            ("index_meta", "Can use the meta index"),
        )
--- a/core/templates/ui/drilldown/drilldown.html
+++ b/core/templates/ui/drilldown/drilldown.html
@ -60,16 +60,12 @@
                            `${field}:${value}`,
                            `${field}:"${value}"`];
        var toAppend = ` AND ${field}: "${value}"`;
-        // var toRemove = `${field}: "${value}"`;
-        // var tagText = `${field}: ${value}`;
      } else {
        var combinations = [`NOT ${field}: "${value}"`,
                            `NOT ${field}: "${value}"`,
                            `NOT ${field}: ${value}`,
                            `NOT ${field}:${value}`,
                            `NOT ${field}:"${value}"`];
-        // var toAppend = ` AND NOT ${field}: "${value}"`;
-        // var toRemove = `NOT ${field}: "${value}"`;
      }
      var contains = combinations.some(elem => queryElement.value.includes(elem));
      if (!contains) {
@ -80,17 +76,8 @@
          queryElement.value = queryElement.value.replaceAll("AND "+combination, "");
          queryElement.value = queryElement.value.replaceAll(combination, "");
        }
-          // queryElement.value = queryElement.value.replaceAll(toAppend, "");
-          // queryElement.value = queryElement.value.replaceAll(toRemove, "");
-
      }
-      // if (!queryElement.value.includes(toAppend) && !queryElement.value.includes(toRemove)) {
-      //   queryElement.value+=toAppend;
-      // } else {
-      //     queryElement.value = queryElement.value.replaceAll(toAppend, "");
-      //     queryElement.value = queryElement.value.replaceAll(toRemove, "");

-      // }
      if (field == "src") {
        document.getElementById("source").selectedIndex = 2;
      }
@ -104,6 +91,7 @@
    }
  </script>
  <div>
+    {% include 'partials/notify.html' %}
    <form method="POST" hx-post="{% url 'search' %}"
          hx-trigger="change"
          hx-target="#results"
--- a/core/views/ui/drilldown.py
+++ b/core/views/ui/drilldown.py
@ -105,13 +105,6 @@ def drilldown_search(request, return_context=False, template=None):
    query_params.update(tmp_post)
    query_params.update(tmp_get)

-    if "index" in query_params:
-        if not request.user.is_superuser and not query_params["index"] == "main":
-            message = "You can't use the index parameter"
-            message_class = "danger"
-            context = {"message": message, "class": message_class}
-            return render(request, template_name, context)
-
    # Parse the dates
    if "dates" in query_params:
        dates = parse_dates(query_params["dates"])
@ -126,20 +119,23 @@ def drilldown_search(request, return_context=False, template=None):

    if "query" in query_params:
        context = query_results(request, query_params)
+
+        # Turn the query into tags for populating the taglist
+        tags = create_tags(query_params["query"])
+        context["tags"] = tags
    else:
        context = {"object_list": []}

+    # Valid sizes
+    context["sizes"] = sizes
+
    # URI we're passing to the template for linking
    if "csrfmiddlewaretoken" in query_params:
        del query_params["csrfmiddlewaretoken"]
+
    url_params = urllib.parse.urlencode(query_params)
    context["client_uri"] = url_params

-    # Turn the query into tags for populating the taglist
-    if "query" in query_params:
-        tags = create_tags(query_params["query"])
-        context["tags"] = tags
-
    context["params"] = query_params
    if "message" in context:
        response = render(request, template_name, context)
@ -154,27 +150,23 @@ def drilldown_search(request, return_context=False, template=None):
    graph = make_graph(context["object_list"])
    context["data"] = graph

-    if context:
-        context["sizes"] = sizes
-        context = make_table(context)
+    context = make_table(context)

-        # URI we're passing to the template for linking, table fields removed
-        table_fields = ["page", "sort"]
-        clean_params = {k: v for k, v in query_params.items() if k not in table_fields}
-        clean_url_params = urllib.parse.urlencode(clean_params)
-        context["uri"] = clean_url_params
+    # URI we're passing to the template for linking, table fields removed
+    table_fields = ["page", "sort"]
+    clean_params = {k: v for k, v in query_params.items() if k not in table_fields}
+    clean_url_params = urllib.parse.urlencode(clean_params)
+    context["uri"] = clean_url_params

-        response = render(request, template_name, context)
-        if request.GET:
-            if request.htmx:
-                response["HX-Push"] = reverse("home") + "?" + url_params
-        elif request.POST:
+    response = render(request, template_name, context)
+    if request.GET:
+        if request.htmx:
            response["HX-Push"] = reverse("home") + "?" + url_params
-        if return_context:
-            return context
-        return response
-    else:
-        return HttpResponse("No results")
+    elif request.POST:
+        response["HX-Push"] = reverse("home") + "?" + url_params
+    if return_context:
+        return context
+    return response


 class DrilldownTableView(SingleTableView):