Improve redaction and anonymous user handling
This commit is contained in:
parent
8b7fef59c5
commit
fc86aae119
|
@ -1,5 +1,4 @@
|
|||
from django.conf import settings
|
||||
from django.contrib.auth.models import AnonymousUser
|
||||
from opensearchpy import OpenSearch
|
||||
from opensearchpy.exceptions import RequestError
|
||||
|
||||
|
@ -80,9 +79,11 @@ def filter_blacklisted(user, response):
|
|||
"""
|
||||
response["redacted"] = 0
|
||||
response["exemption"] = None
|
||||
is_anonymous = isinstance(user, AnonymousUser)
|
||||
if user.is_superuser:
|
||||
response["exemption"] = True
|
||||
# is_anonymous = isinstance(user, AnonymousUser)
|
||||
# For every hit from ES
|
||||
for item in list(response["hits"]["hits"]):
|
||||
for index, item in enumerate(list(response["hits"]["hits"])):
|
||||
# For every blacklisted type
|
||||
for blacklisted_type in settings.OPENSEARCH_BLACKLISTED.keys():
|
||||
# Check this field we are matching exists
|
||||
|
@ -92,17 +93,20 @@ def filter_blacklisted(user, response):
|
|||
for blacklisted_item in settings.OPENSEARCH_BLACKLISTED[
|
||||
blacklisted_type
|
||||
]:
|
||||
if blacklisted_item in str(content):
|
||||
if blacklisted_item == str(content):
|
||||
# Remove the item
|
||||
if item in response["hits"]["hits"]:
|
||||
# Anonymous
|
||||
if is_anonymous:
|
||||
if user.is_anonymous:
|
||||
response["hits"]["hits"].remove(item)
|
||||
else:
|
||||
if not user.is_superuser:
|
||||
response["hits"]["hits"].remove(item)
|
||||
else:
|
||||
response["exemption"] = True
|
||||
response["hits"]["hits"][index]["_source"][
|
||||
"exemption"
|
||||
] = True
|
||||
|
||||
# Let the UI know something was redacted
|
||||
response["redacted"] += 1
|
||||
|
||||
|
@ -136,9 +140,9 @@ def query_results(request, size=None):
|
|||
Accept a HTTP request object. Run the query, and annotate the
|
||||
results with the other data we have.
|
||||
"""
|
||||
is_anonymous = isinstance(request.user, AnonymousUser)
|
||||
if is_anonymous:
|
||||
sizes = ["5", "10", "15", "20"]
|
||||
# is_anonymous = isinstance(request.user, AnonymousUser)
|
||||
if request.user.is_anonymous:
|
||||
sizes = settings.OPENSEARCH_MAIN_SIZES_ANON
|
||||
else:
|
||||
sizes = settings.OPENSEARCH_MAIN_SIZES
|
||||
if not size:
|
||||
|
@ -148,13 +152,10 @@ def query_results(request, size=None):
|
|||
return False
|
||||
if "query" in request.POST:
|
||||
query = request.POST["query"]
|
||||
if hasattr(request, "user"):
|
||||
user = request.user
|
||||
else:
|
||||
user = None
|
||||
|
||||
results = run_main_query(
|
||||
client,
|
||||
user, # passed through run_main_query to filter_blacklisted
|
||||
request.user, # passed through run_main_query to filter_blacklisted
|
||||
query,
|
||||
size=size,
|
||||
)
|
||||
|
|
|
@ -28,8 +28,9 @@
|
|||
</thead>
|
||||
<tbody>
|
||||
{% for item in results %}
|
||||
<tr>
|
||||
{% if item.type == 'join' %}
|
||||
{% if item.exemption == True %}
|
||||
<tr class="has-background-grey-lighter">
|
||||
{% elif item.type == 'join' %}
|
||||
<tr class="has-background-success-light">
|
||||
{% elif item.type == 'quit' %}
|
||||
<tr class="has-background-danger-light">
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
import json
|
||||
|
||||
from django.conf import settings
|
||||
from django.contrib.auth.models import AnonymousUser
|
||||
from django.http import HttpResponse, HttpResponseForbidden, JsonResponse
|
||||
from django.shortcuts import render
|
||||
from django.views import View
|
||||
|
@ -24,9 +23,8 @@ class Drilldown(View):
|
|||
def get(self, request):
|
||||
# if not request.user.has_plan(self.plan_name):
|
||||
# return render(request, "denied.html")
|
||||
is_anonymous = isinstance(request.user, AnonymousUser)
|
||||
if is_anonymous:
|
||||
sizes = ["5", "10", "15", "20"]
|
||||
if request.user.is_anonymous:
|
||||
sizes = settings.OPENSEARCH_MAIN_SIZES_ANON
|
||||
else:
|
||||
sizes = settings.OPENSEARCH_MAIN_SIZES
|
||||
context = {
|
||||
|
|
Loading…
Reference in New Issue