only allow searching for locations with can_search=True
This commit is contained in:
Laura Klünder
parent
0fb4dda274
commit
c9dafa7942
5 changed files with 18 additions and 19 deletions
|
|
@ -28,7 +28,7 @@ def can_access_package(request, package):
|
|||
return request.c3nav_full_access or package.name in get_unlocked_packages_names(request)
|
||||
|
||||
|
||||
def filter_queryset_by_package_access(request, queryset):
|
||||
def filter_queryset_by_access(request, queryset):
|
||||
return queryset if request.c3nav_full_access else queryset.filter(package__in=get_unlocked_packages(request))
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ from django.http.response import Http404
|
|||
from django.shortcuts import get_object_or_404, redirect, render
|
||||
from django.utils import translation
|
||||
|
||||
from c3nav.access.apply import can_access_package, filter_queryset_by_package_access
|
||||
from c3nav.access.apply import can_access_package, filter_queryset_by_access
|
||||
from c3nav.editor.hosters import get_hoster_for_package, hosters
|
||||
from c3nav.mapdata.models import AreaLocation
|
||||
from c3nav.mapdata.models.base import MAPITEM_TYPES
|
||||
|
|
@ -17,10 +17,10 @@ from c3nav.mapdata.packageio.write import json_encode
|
|||
def list_mapitemtypes(request, level):
|
||||
def get_item_count(mapitemtype):
|
||||
if hasattr(mapitemtype, 'level'):
|
||||
return filter_queryset_by_package_access(request, mapitemtype.objects.filter(level__name=level)).count()
|
||||
return filter_queryset_by_access(request, mapitemtype.objects.filter(level__name=level)).count()
|
||||
|
||||
if hasattr(mapitemtype, 'levels'):
|
||||
return filter_queryset_by_package_access(request, mapitemtype.objects.filter(levels__name=level)).count()
|
||||
return filter_queryset_by_access(request, mapitemtype.objects.filter(levels__name=level)).count()
|
||||
|
||||
return 0
|
||||
|
||||
|
|
@ -55,7 +55,7 @@ def list_mapitems(request, mapitem_type, level=None):
|
|||
elif hasattr(mapitemtype, 'levels'):
|
||||
queryset = queryset.filter(levels__name=level)
|
||||
|
||||
queryset = filter_queryset_by_package_access(request, queryset)
|
||||
queryset = filter_queryset_by_access(request, queryset)
|
||||
|
||||
if issubclass(mapitemtype, AreaLocation):
|
||||
queryset = sorted(queryset, key=AreaLocation.get_sort_key)
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ from rest_framework.decorators import detail_route
|
|||
from rest_framework.response import Response
|
||||
from rest_framework.viewsets import ReadOnlyModelViewSet, ViewSet
|
||||
|
||||
from c3nav.access.apply import filter_queryset_by_package_access, get_unlocked_packages_names
|
||||
from c3nav.access.apply import filter_queryset_by_access, get_unlocked_packages_names
|
||||
from c3nav.mapdata.models import GEOMETRY_MAPITEM_TYPES, AreaLocation, Level, LocationGroup, Package, Source
|
||||
from c3nav.mapdata.models.geometry import DirectedLineGeometryMapItemWithLevel
|
||||
from c3nav.mapdata.search import get_location
|
||||
|
|
@ -87,7 +87,7 @@ class GeometryViewSet(ViewSet):
|
|||
queryset = queryset.filter(levels=level)
|
||||
else:
|
||||
queryset = queryset.none()
|
||||
queryset = filter_queryset_by_package_access(request, queryset)
|
||||
queryset = filter_queryset_by_access(request, queryset)
|
||||
queryset = queryset.order_by('name')
|
||||
|
||||
for field_name in ('package', 'level', 'crop_to_level', 'elevator'):
|
||||
|
|
@ -143,7 +143,7 @@ class SourceViewSet(CachedReadOnlyViewSetMixin, ReadOnlyModelViewSet):
|
|||
include_package_access = True
|
||||
|
||||
def get_queryset(self):
|
||||
return filter_queryset_by_package_access(self.request, super().get_queryset())
|
||||
return filter_queryset_by_access(self.request, super().get_queryset().filter(can_search=True))
|
||||
|
||||
@detail_route(methods=['get'])
|
||||
def image(self, request, name=None):
|
||||
|
|
@ -168,9 +168,9 @@ class LocationViewSet(CachedReadOnlyViewSetMixin, ViewSet):
|
|||
|
||||
def list(self, request, **kwargs):
|
||||
locations = []
|
||||
locations += sorted(filter_queryset_by_package_access(request, AreaLocation.objects.filter(can_search=True)),
|
||||
locations += sorted(filter_queryset_by_access(request, AreaLocation.objects.filter(can_search=True)),
|
||||
key=AreaLocation.get_sort_key, reverse=True)
|
||||
locations += list(filter_queryset_by_package_access(request, LocationGroup.objects.filter(can_search=True)))
|
||||
locations += list(filter_queryset_by_access(request, LocationGroup.objects.filter(can_search=True)))
|
||||
return Response([location.to_location_json() for location in locations])
|
||||
|
||||
def retrieve(self, request, name=None, **kwargs):
|
||||
|
|
|
|||
|
|
@ -213,7 +213,6 @@ class AreaLocation(LocationModelMixin, GeometryMapItemWithLevel):
|
|||
|
||||
def get_geojson_properties(self):
|
||||
result = super().get_geojson_properties()
|
||||
result['groups'] = tuple(self.groups.all().order_by('name').values_list('name', flat=True))
|
||||
return result
|
||||
|
||||
def tofile(self):
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ import re
|
|||
|
||||
from django.db.models import Q
|
||||
|
||||
from c3nav.access.apply import filter_queryset_by_package_access
|
||||
from c3nav.access.apply import filter_queryset_by_access
|
||||
from c3nav.mapdata.models import AreaLocation, LocationGroup
|
||||
from c3nav.mapdata.models.locations import PointLocation
|
||||
from c3nav.mapdata.utils.cache import get_levels_cached
|
||||
|
|
@ -18,9 +18,9 @@ def get_location(request, name):
|
|||
return PointLocation(level=level, x=int(match.group('x'))/100, y=int(match.group('y'))/100)
|
||||
|
||||
if name.startswith('g:'):
|
||||
return filter_queryset_by_package_access(request, LocationGroup.objects.filter(name=name[2:])).first()
|
||||
return filter_queryset_by_access(request, LocationGroup.objects.filter(name=name[2:], can_search=True)).first()
|
||||
|
||||
return filter_queryset_by_package_access(request, AreaLocation.objects.filter(name=name)).first()
|
||||
return filter_queryset_by_access(request, AreaLocation.objects.filter(name=name), can_search=True).first()
|
||||
|
||||
|
||||
def filter_words(queryset, words):
|
||||
|
|
@ -37,15 +37,15 @@ def search_location(request, search):
|
|||
|
||||
words = search.split(' ')[:10]
|
||||
|
||||
queryset = AreaLocation.objects.all()
|
||||
queryset = AreaLocation.objects.filter(can_seach=True)
|
||||
if isinstance(location, AreaLocation):
|
||||
queryset.exclude(name=location.name)
|
||||
results += sorted(filter_words(filter_queryset_by_package_access(request, queryset), words),
|
||||
results += sorted(filter_words(filter_queryset_by_access(request, queryset), words),
|
||||
key=AreaLocation.get_sort_key, reverse=True)
|
||||
|
||||
queryset = LocationGroup.objects.all()
|
||||
queryset = LocationGroup.objects.filter(can_seach=True)
|
||||
if isinstance(location, LocationGroup):
|
||||
queryset.exclude(name=location.name)
|
||||
results += list(filter_words(filter_queryset_by_package_access(request, queryset), words)[:10])
|
||||
queryset.exclude(name='g:'+location.name)
|
||||
results += list(filter_words(filter_queryset_by_access(request, queryset), words)[:10])
|
||||
|
||||
return results
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue