diff --git a/core/lib/opensearch.py b/core/lib/opensearch.py index b66c713..e503bbc 100644 --- a/core/lib/opensearch.py +++ b/core/lib/opensearch.py @@ -370,14 +370,13 @@ def query_results( } } } - if not settings.DELAY_RESULTS: - add_top.append(range_query) - else: - date_query = True + date_query = True - if settings.DELAY_RESULTS: - if date_query: - if not request.user.has_perm("bypass_delay"): + if date_query: + if settings.DELAY_RESULTS: + if request.user.has_perm("core.bypass_delay"): + add_top.append(range_query) + else: delay_as_ts = datetime.now() - timedelta(days=settings.DELAY_DURATION) lt_as_ts = datetime.strptime( range_query["range"]["ts"]["lt"], "%Y-%m-%dT%H:%MZ" @@ -386,15 +385,20 @@ def query_results( range_query["range"]["ts"]["lt"] = f"now-{settings.DELAY_DURATION}d" add_top.append(range_query) else: - range_query = { - "range": { - "ts": { - # "gt": , - "lt": f"now-{settings.DELAY_DURATION}d", + add_top.append(range_query) + else: + if settings.DELAY_RESULTS: + if not request.user.has_perm("core.bypass_delay"): + range_query = { + "range": { + "ts": { + # "gt": , + "lt": f"now-{settings.DELAY_DURATION}d", + } } } - } - add_top.append(range_query) + add_top.append(range_query) + if "sorting" in query_params: sorting = query_params["sorting"] if sorting not in ("asc", "desc", "none"): @@ -451,7 +455,7 @@ def query_results( query_created = True elif "query_full" in query_params: query_full = query_params["query_full"] - if request.user.has_perm("query_search"): + if request.user.has_perm("core.query_search"): search_query = construct_query(query_full, size) query_created = True else: @@ -502,7 +506,7 @@ def query_results( if index == "main": index = settings.OPENSEARCH_INDEX_MAIN else: - if not request.user.has_perm(f"index_{index}"): + if not request.user.has_perm(f"core.index_{index}"): message = "Not permitted to search by this index" message_class = "danger" return { @@ -588,10 +592,10 @@ def query_results( if query: context["query"] = query if settings.DELAY_RESULTS: - if not request.user.has_perm("bypass_delay"): + if not request.user.has_perm("core.bypass_delay"): context["delay"] = settings.DELAY_DURATION if settings.RANDOMISATION: - if not request.user.has_perm("bypass_randomisation"): + if not request.user.has_perm("core.bypass_randomisation"): context["randomised"] = True return context diff --git a/core/templates/ui/drilldown/table_results.html b/core/templates/ui/drilldown/table_results.html index 7917352..591b0fd 100644 --- a/core/templates/ui/drilldown/table_results.html +++ b/core/templates/ui/drilldown/table_results.html @@ -10,36 +10,40 @@
- + + +
-

fetched {{ table.data|length }} of {{ card }} hits in {{ took }}ms

+

{{ table.data|length }} hits in {{ took }}ms

{% if exemption is not None %}
- + + +
{% else %} {% if redacted != 0 %}
-

{{ redacted }} redacted

+ + +
{% endif %} {% endif %} {% if delay is not None %}
-
+ -
- delayed by {{ delay }} days +
{% endif %} {% if randomised is True %}
-
+ -
- integer fields randomised +
{% endif %}
diff --git a/core/views/helpers.py b/core/views/helpers.py index 1e620db..cf44b54 100644 --- a/core/views/helpers.py +++ b/core/views/helpers.py @@ -92,7 +92,7 @@ def randomise_list(user, data): """ Randomise data in a list of dictionaries. """ - if user.has_perm("bypass_randomisation"): + if user.has_perm("core.bypass_randomisation"): return if isinstance(data, list): for index, item in enumerate(data): @@ -117,8 +117,10 @@ def obfuscate_list(user, data): """ Obfuscate data in a list of dictionaries. """ - if user.has_perm("bypass_obfuscation"): + if user.has_perm("core.bypass_obfuscation"): + print("USER HAS PERM") return + print("NO HAVE PERM") for index, item in enumerate(data): for key, value in item.items(): # Obfuscate a ratio of the field @@ -162,7 +164,7 @@ def hash_list(user, data, hash_keys=False): """ Hash a list of dicts or a list with SipHash42. """ - if user.has_perm("bypass_hashing"): + if user.has_perm("core.bypass_hashing"): return cache = "cache.hash" hash_table = {} @@ -214,7 +216,7 @@ def hash_lookup(user, data_dict): denied = [] for key, value in list(data_dict.items()): if key in settings.SEARCH_FIELDS_DENY: - if not user.has_perm("bypass_hashing"): + if not user.has_perm("core.bypass_hashing"): data_dict[key] = SearchDenied(key=key, value=data_dict[key]) denied.append(data_dict[key]) if ( @@ -236,7 +238,7 @@ def hash_lookup(user, data_dict): hashes.append(h) if not hashes: # Otherwise the user could inject plaintext search queries - if not user.has_perm("bypass_hashing"): + if not user.has_perm("core.bypass_hashing"): data_dict[key] = SearchDenied(key=key, value=data_dict[key]) denied.append(data_dict[key]) continue @@ -275,7 +277,7 @@ def hash_lookup(user, data_dict): def encrypt_list(user, data, secret): - if user.has_perm("bypass_encryption"): + if user.has_perm("core.bypass_encryption"): return cipher = Cipher(algorithms.AES(secret), ECB()) for index, item in enumerate(data): diff --git a/core/views/ui/drilldown.py b/core/views/ui/drilldown.py index 41b8ded..572451a 100644 --- a/core/views/ui/drilldown.py +++ b/core/views/ui/drilldown.py @@ -369,7 +369,7 @@ class DrilldownContextModal(APIView): return render(request, self.template_name, results) if settings.HASHING: # we probably want to see the tokens - if not request.user.has_perm("bypass_hashing"): + if not request.user.has_perm("core.bypass_hashing"): for index, item in enumerate(results["object_list"]): if "tokens" in item: results["object_list"][index]["msg"] = results["object_list"][