From 4df8afef1c13e0850c06aba998ad1ff28880dc6d Mon Sep 17 00:00:00 2001
From: Mark Veidemanis
Date: Thu, 21 Jul 2022 13:49:32 +0100
Subject: [PATCH] Improve context passing and implement superuser override for redactions
---
 core/lib/opensearch.py | 27 ++++++++++++++++++---------
 core/templates/ui/drilldown.html | 24 ++++++++++--------------
 core/ui/views/drilldown.py | 17 +++++++++++++----
 3 files changed, 41 insertions(+), 27 deletions(-)
diff --git a/core/lib/opensearch.py b/core/lib/opensearch.py
index cfbda5e..85c11e1 100644
--- a/core/lib/opensearch.py
+++ b/core/lib/opensearch.py
@@ -25,13 +25,13 @@ def initialise_opensearch():
 return client
-def construct_query(query, fields, results):
+def construct_query(query, fields, size):
 if not fields:
 fields = settings.OPENSEARCH_MAIN_SEARCH_FIELDS
- if not results:
- results = 5
+ if not size:
+ size = 5
 query = {
- "size": results,
+ "size": size,
 "query": {
 "query_string": {
 "query": query,
@@ -61,7 +61,7 @@ def construct_query(query, fields, results):
 return query
-def filter_blacklisted(response):
+def filter_blacklisted(user, response):
 pp.pprint(response["hits"]["hits"])
 print("LEN", len(response["hits"]["hits"]))
 response["redacted"] = 0
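Review bot: The two debug statements at the top of filter_blacklisted, `pp.pprint(response["hits"]["hits"])` and `print("LEN", len(response["hits"]["hits"]))`, run before any blacklisted item is removed, so every query writes the unredacted hits to stdout. Since this commit already touches the function to change redaction behaviour, I would drop both lines or replace them with a debug-level log call that records only the hit count. The function body continues outside this hunk.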
@@ -79,15 +79,24 @@ def filter_blacklisted(response):
 if blacklisted_item in str(content):
 # Remove the item
 if item in response["hits"]["hits"]:
- response["hits"]["hits"].remove(item)
+ if not user.is_superuser:
+ response["hits"]["hits"].remove(item)
 # Let the UI know something was redacted
 response["redacted"] += 1
+ response["exemption"] = True
-def run_main_query(client, query, fields=None, results=None):
- search_query = construct_query(query, fields, results)
+def run_main_query(client, user, query, fields=None, size=None):
+ if fields:
+ for field in fields:
+ if field not in settings.OPENSEARCH_MAIN_SEARCH_FIELDS:
+ return False
+ if size:
+ if size not in settings.OPENSEARCH_MAIN_SIZES:
+ return False
+ search_query = construct_query(query, fields, size)
 # fmt: off
 response = client.search(body=search_query, index=settings.OPENSEARCH_INDEX_MAIN)
- filter_blacklisted(response)
+ filter_blacklisted(user, response)
 return response
diff --git a/core/templates/ui/drilldown.html b/core/templates/ui/drilldown.html
index 47153b1..5da3b48 100644
--- a/core/templates/ui/drilldown.html
+++ b/core/templates/ui/drilldown.html
@@ -27,12 +27,9 @@
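Review bot: `response["exemption"] = True` is assigned only when a blacklisted item matches, whereas `response["redacted"] = 0` is initialised at the top of filter_blacklisted, so a search with no blacklisted hit returns a response without the key and the view's `"exemption": results["exemption"]` (last hunk of core/ui/views/drilldown.py) raises KeyError. The assignment also follows the unchanged `response["redacted"] += 1` line rather than sitting under a superuser check, so as far as this hunk shows it is set for every user, and the "redaction overriden by superuser" banner would then appear for non-superusers whose results were in fact redacted; indentation is lost in this rendering, so confirm against the file. I would initialise `response["exemption"] = None` next to the `redacted` counter and set the flag with `if user.is_superuser: response["exemption"] = True`. The loop these lines belong to starts outside the hunk.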
@@ -65,14 +62,10 @@
- + {% for size in sizes %} + + {% endfor %} @@ -127,6 +120,9 @@

{{ card }} hits

{{ redacted }} redacted

+ {% if exemption is not None %} +

redaction overriden by superuser

+ {% endif %}

{{ took }}ms

{% endif %}
diff --git a/core/ui/views/drilldown.py b/core/ui/views/drilldown.py
index 90518bc..ca46b6b 100644
--- a/core/ui/views/drilldown.py
+++ b/core/ui/views/drilldown.py
@@ -18,7 +18,11 @@ class Drilldown(LoginRequiredMixin, View):
 def get(self, request):
 if not request.user.has_plan(self.plan_name):
 return render(request, "denied.html")
- context = {"fields": settings.OPENSEARCH_MAIN_SEARCH_FIELDS}
+ context = {
+ "fields": settings.OPENSEARCH_MAIN_SEARCH_FIELDS,
+ "sizes": settings.OPENSEARCH_MAIN_SIZES,
+ "timescales": settings.OPENSEARCH_MAIN_TIMESCALES,
+ }
 return render(request, self.template_name, context)
 def post(self, request):
@@ -27,13 +31,15 @@ class Drilldown(LoginRequiredMixin, View):
 fields = None
 if "fields" in request.POST:
 fields = request.POST.getlist("fields")
- if "results" in request.POST:
- results = request.POST["results"]
+ if "size" in request.POST:
+ size = request.POST["size"]
 if "query" in request.POST:
 query = request.POST["query"]
 # field = results.POST["field"]
 # print("FIELD ", field)
- results = run_main_query(client, query, fields, results)
+ results = run_main_query(client, request.user, query, fields, size)
+ if not results:
+ return render(request, "denied.html")
 # pp.pprint(results)
 results_parsed = []
 if "hits" in results.keys():
@@ -46,7 +52,10 @@ class Drilldown(LoginRequiredMixin, View):
 "card": results["hits"]["total"]["value"],
 "took": results["took"],
 "redacted": results["redacted"],
+ "exemption": results["exemption"],
 "fields": settings.OPENSEARCH_MAIN_SEARCH_FIELDS,
+ "sizes": settings.OPENSEARCH_MAIN_SIZES,
+ "timescales": settings.OPENSEARCH_MAIN_TIMESCALES,
 }
 return render(request, self.template_name, context)
 return render(request, self.template_name)
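Review bot: `size` is bound only inside `if "size" in request.POST:`, so a POST without that field reaches `run_main_query(client, request.user, query, fields, size)` with the name unbound unless it is initialised above the hunk; only `fields = None` is visible, and a matching `size = None` would close the gap. The value is also the raw POST string, so the allow-list test `size not in settings.OPENSEARCH_MAIN_SIZES` in run_main_query only passes if that setting holds strings, which this patch does not show; converting the value once and rejecting on ValueError would make the check independent of the setting's type. Rendering denied.html when run_main_query returns False reports rejected input as an access denial; a 400 response would keep the two cases distinguishable in logs. The start of post() is outside the hunk.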