Add more comments about source parsing

This commit is contained in:
Mark Veidemanis 2023-02-10 07:20:36 +00:00
parent 7d0ebf87bd
commit 2050e6cb47
Signed by: m
GPG Key ID: 5ACFCEED46C0904F
2 changed files with 13 additions and 0 deletions

View File

@ -542,6 +542,10 @@ class ElasticsearchBackend(StorageBackend):
total_sources = ( total_sources = (
len(settings.MAIN_SOURCES) - 1 + len(settings.SOURCES_RESTRICTED) len(settings.MAIN_SOURCES) - 1 + len(settings.SOURCES_RESTRICTED)
) )
# If the sources the user has access to are equal to all
# possible sources, then we don't need to add the source
# filter to the query.
if total_count != total_sources: if total_count != total_sources:
add_top_tmp = {"bool": {"should": []}} add_top_tmp = {"bool": {"should": []}}
for source_iter in sources: for source_iter in sources:

View File

@ -98,6 +98,7 @@ def parse_source(user, query_params, raise_error=False):
if "source" in query_params: if "source" in query_params:
source = query_params["source"] source = query_params["source"]
# Validate permissions for restricted sources
if source in settings.SOURCES_RESTRICTED: if source in settings.SOURCES_RESTRICTED:
if not user.has_perm("core.restricted_sources"): if not user.has_perm("core.restricted_sources"):
message = f"Access denied: {source}" message = f"Access denied: {source}"
@ -105,6 +106,8 @@ def parse_source(user, query_params, raise_error=False):
raise QueryError(message) raise QueryError(message)
message_class = "danger" message_class = "danger"
return {"message": message, "class": message_class} return {"message": message, "class": message_class}
# Check validity of source
elif source not in settings.MAIN_SOURCES: elif source not in settings.MAIN_SOURCES:
message = f"Invalid source: {source}" message = f"Invalid source: {source}"
if raise_error: if raise_error:
@ -118,11 +121,17 @@ def parse_source(user, query_params, raise_error=False):
if source: if source:
sources = [source] sources = [source]
else: else:
# Here we need to populate what "all" means for the user.
# They may only have access to a subset of the sources.
# We build a custom source list with ones they have access
# to, and then remove "all" from the list.
sources = list(settings.MAIN_SOURCES) sources = list(settings.MAIN_SOURCES)
if user.has_perm("core.restricted_sources"): if user.has_perm("core.restricted_sources"):
# If the user can use restricted sources, add them in.
for source_iter in settings.SOURCES_RESTRICTED: for source_iter in settings.SOURCES_RESTRICTED:
sources.append(source_iter) sources.append(source_iter)
# Get rid of "all", it's just a meta-source
if "all" in sources: if "all" in sources:
sources.remove("all") sources.remove("all")