Improve drilldown handlers and implement index permissions

2022-08-26 07:20:30 +01:00
parent 6dd0674aae
commit 0e7fb8d261
4 changed files with 44 additions and 54 deletions
--- a/core/lib/opensearch.py
+++ b/core/lib/opensearch.py
@@ -392,19 +392,27 @@ def query_results(
        if index == "main":
            index = settings.OPENSEARCH_INDEX_MAIN
        else:
-            if request.user.is_superuser:
-                if index == "meta":
-                    index = settings.OPENSEARCH_INDEX_META
-                elif index == "int":
-                    index = settings.OPENSEARCH_INDEX_INT
-                else:
-                    message = "Index is not valid."
-                    message_class = "danger"
-                    return {"message": message, "class": message_class}
-            else:
+            if not request.user.has_perm(f"index_{index}"):
                message = "Not permitted to search by this index"
                message_class = "danger"
-                return {"message": message, "class": message_class}
+                return {
+                    "message": message,
+                    "class": message_class,
+                    "params": query_params,
+                }
+            if index == "meta":
+                index = settings.OPENSEARCH_INDEX_META
+            elif index == "int":
+                index = settings.OPENSEARCH_INDEX_INT
+            else:
+                message = "Index is not valid."
+                message_class = "danger"
+                return {
+                    "message": message,
+                    "class": message_class,
+                    "params": query_params,
+                }
+
    else:
        index = settings.OPENSEARCH_INDEX_MAIN