Add more comments about source parsing

1 year ago · 2050e6cb47
parent 7d0ebf87bd
commit 2050e6cb47
2 changed files with 13 additions and 0 deletions
--- a/core/db/elastic.py
+++ b/core/db/elastic.py
@ -542,6 +542,10 @@ class ElasticsearchBackend(StorageBackend):
        total_sources = (
            len(settings.MAIN_SOURCES) - 1 + len(settings.SOURCES_RESTRICTED)
        )
+
+        # If the sources the user has access to are equal to all
+        # possible sources, then we don't need to add the source
+        # filter to the query.
        if total_count != total_sources:
            add_top_tmp = {"bool": {"should": []}}
            for source_iter in sources:
--- a/core/lib/parsing.py
+++ b/core/lib/parsing.py
@ -98,6 +98,7 @@ def parse_source(user, query_params, raise_error=False):
    if "source" in query_params:
        source = query_params["source"]

+        # Validate permissions for restricted sources
        if source in settings.SOURCES_RESTRICTED:
            if not user.has_perm("core.restricted_sources"):
                message = f"Access denied: {source}"
@ -105,6 +106,8 @@ def parse_source(user, query_params, raise_error=False):
                    raise QueryError(message)
                message_class = "danger"
                return {"message": message, "class": message_class}
+
+        # Check validity of source
        elif source not in settings.MAIN_SOURCES:
            message = f"Invalid source: {source}"
            if raise_error:
@ -118,11 +121,17 @@ def parse_source(user, query_params, raise_error=False):
    if source:
        sources = [source]
    else:
+        # Here we need to populate what "all" means for the user.
+        # They may only have access to a subset of the sources.
+        # We build a custom source list with ones they have access
+        # to, and then remove "all" from the list.
        sources = list(settings.MAIN_SOURCES)
        if user.has_perm("core.restricted_sources"):
+            # If the user can use restricted sources, add them in.
            for source_iter in settings.SOURCES_RESTRICTED:
                sources.append(source_iter)

+    # Get rid of "all", it's just a meta-source
    if "all" in sources:
        sources.remove("all")