2025-summer/team-3
12
Fork 0
Code Issues Pull requests Projects Releases Activity

only allow searching for locations with can_search=True

Browse source
This commit is contained in:
Laura Klünder 2016-12-22 03:29:07 +01:00
parent 0fb4dda274
commit c9dafa7942
5 changed files with 18 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/c3nav/access/apply.py
View file

@ -28,7 +28,7 @@ def can_access_package(request, package):
return request.c3nav_full_access or package.name in get_unlocked_packages_names(request) return request.c3nav_full_access or package.name in get_unlocked_packages_names(request)
def filter_queryset_by_package_access(request, queryset): def filter_queryset_by_access(request, queryset):
return queryset if request.c3nav_full_access else queryset.filter(package__in=get_unlocked_packages(request)) return queryset if request.c3nav_full_access else queryset.filter(package__in=get_unlocked_packages(request))

8
src/c3nav/editor/views.py
View file

@ -6,7 +6,7 @@ from django.http.response import Http404
from django.shortcuts import get_object_or_404, redirect, render from django.shortcuts import get_object_or_404, redirect, render
from django.utils import translation from django.utils import translation
from c3nav.access.apply import can_access_package, filter_queryset_by_package_access from c3nav.access.apply import can_access_package, filter_queryset_by_access
from c3nav.editor.hosters import get_hoster_for_package, hosters from c3nav.editor.hosters import get_hoster_for_package, hosters
from c3nav.mapdata.models import AreaLocation from c3nav.mapdata.models import AreaLocation
from c3nav.mapdata.models.base import MAPITEM_TYPES from c3nav.mapdata.models.base import MAPITEM_TYPES
@ -17,10 +17,10 @@ from c3nav.mapdata.packageio.write import json_encode
def list_mapitemtypes(request, level): def list_mapitemtypes(request, level):
def get_item_count(mapitemtype): def get_item_count(mapitemtype):
if hasattr(mapitemtype, 'level'): if hasattr(mapitemtype, 'level'):
return filter_queryset_by_package_access(request, mapitemtype.objects.filter(level__name=level)).count() return filter_queryset_by_access(request, mapitemtype.objects.filter(level__name=level)).count()
if hasattr(mapitemtype, 'levels'): if hasattr(mapitemtype, 'levels'):
return filter_queryset_by_package_access(request, mapitemtype.objects.filter(levels__name=level)).count() return filter_queryset_by_access(request, mapitemtype.objects.filter(levels__name=level)).count()
return 0 return 0
@ -55,7 +55,7 @@ def list_mapitems(request, mapitem_type, level=None):
elif hasattr(mapitemtype, 'levels'): elif hasattr(mapitemtype, 'levels'):
queryset = queryset.filter(levels__name=level) queryset = queryset.filter(levels__name=level)
queryset = filter_queryset_by_package_access(request, queryset) queryset = filter_queryset_by_access(request, queryset)
if issubclass(mapitemtype, AreaLocation): if issubclass(mapitemtype, AreaLocation):
queryset = sorted(queryset, key=AreaLocation.get_sort_key) queryset = sorted(queryset, key=AreaLocation.get_sort_key)

10
src/c3nav/mapdata/api.py
View file

@ -9,7 +9,7 @@ from rest_framework.decorators import detail_route
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.viewsets import ReadOnlyModelViewSet, ViewSet from rest_framework.viewsets import ReadOnlyModelViewSet, ViewSet
from c3nav.access.apply import filter_queryset_by_package_access, get_unlocked_packages_names from c3nav.access.apply import filter_queryset_by_access, get_unlocked_packages_names
from c3nav.mapdata.models import GEOMETRY_MAPITEM_TYPES, AreaLocation, Level, LocationGroup, Package, Source from c3nav.mapdata.models import GEOMETRY_MAPITEM_TYPES, AreaLocation, Level, LocationGroup, Package, Source
from c3nav.mapdata.models.geometry import DirectedLineGeometryMapItemWithLevel from c3nav.mapdata.models.geometry import DirectedLineGeometryMapItemWithLevel
from c3nav.mapdata.search import get_location from c3nav.mapdata.search import get_location
@ -87,7 +87,7 @@ class GeometryViewSet(ViewSet):
queryset = queryset.filter(levels=level) queryset = queryset.filter(levels=level)
else: else:
queryset = queryset.none() queryset = queryset.none()
queryset = filter_queryset_by_package_access(request, queryset) queryset = filter_queryset_by_access(request, queryset)
queryset = queryset.order_by('name') queryset = queryset.order_by('name')
for field_name in ('package', 'level', 'crop_to_level', 'elevator'): for field_name in ('package', 'level', 'crop_to_level', 'elevator'):
@ -143,7 +143,7 @@ class SourceViewSet(CachedReadOnlyViewSetMixin, ReadOnlyModelViewSet):
include_package_access = True include_package_access = True
def get_queryset(self): def get_queryset(self):
return filter_queryset_by_package_access(self.request, super().get_queryset()) return filter_queryset_by_access(self.request, super().get_queryset().filter(can_search=True))
@detail_route(methods=['get']) @detail_route(methods=['get'])
def image(self, request, name=None): def image(self, request, name=None):
@ -168,9 +168,9 @@ class LocationViewSet(CachedReadOnlyViewSetMixin, ViewSet):
def list(self, request, **kwargs): def list(self, request, **kwargs):
locations = [] locations = []
locations += sorted(filter_queryset_by_package_access(request, AreaLocation.objects.filter(can_search=True)), locations += sorted(filter_queryset_by_access(request, AreaLocation.objects.filter(can_search=True)),
key=AreaLocation.get_sort_key, reverse=True) key=AreaLocation.get_sort_key, reverse=True)
locations += list(filter_queryset_by_package_access(request, LocationGroup.objects.filter(can_search=True))) locations += list(filter_queryset_by_access(request, LocationGroup.objects.filter(can_search=True)))
return Response([location.to_location_json() for location in locations]) return Response([location.to_location_json() for location in locations])
def retrieve(self, request, name=None, **kwargs): def retrieve(self, request, name=None, **kwargs):

1
src/c3nav/mapdata/models/locations.py
View file

@ -213,7 +213,6 @@ class AreaLocation(LocationModelMixin, GeometryMapItemWithLevel):
def get_geojson_properties(self): def get_geojson_properties(self):
result = super().get_geojson_properties() result = super().get_geojson_properties()
result['groups'] = tuple(self.groups.all().order_by('name').values_list('name', flat=True))
return result return result
def tofile(self): def tofile(self):

16
src/c3nav/mapdata/search.py
View file

@ -2,7 +2,7 @@ import re
from django.db.models import Q from django.db.models import Q
from c3nav.access.apply import filter_queryset_by_package_access from c3nav.access.apply import filter_queryset_by_access
from c3nav.mapdata.models import AreaLocation, LocationGroup from c3nav.mapdata.models import AreaLocation, LocationGroup
from c3nav.mapdata.models.locations import PointLocation from c3nav.mapdata.models.locations import PointLocation
from c3nav.mapdata.utils.cache import get_levels_cached from c3nav.mapdata.utils.cache import get_levels_cached
@ -18,9 +18,9 @@ def get_location(request, name):
return PointLocation(level=level, x=int(match.group('x'))/100, y=int(match.group('y'))/100) return PointLocation(level=level, x=int(match.group('x'))/100, y=int(match.group('y'))/100)
if name.startswith('g:'): if name.startswith('g:'):
return filter_queryset_by_package_access(request, LocationGroup.objects.filter(name=name[2:])).first() return filter_queryset_by_access(request, LocationGroup.objects.filter(name=name[2:], can_search=True)).first()
return filter_queryset_by_package_access(request, AreaLocation.objects.filter(name=name)).first() return filter_queryset_by_access(request, AreaLocation.objects.filter(name=name), can_search=True).first()
def filter_words(queryset, words): def filter_words(queryset, words):
@ -37,15 +37,15 @@ def search_location(request, search):
words = search.split(' ')[:10] words = search.split(' ')[:10]
queryset = AreaLocation.objects.all() queryset = AreaLocation.objects.filter(can_seach=True)
if isinstance(location, AreaLocation): if isinstance(location, AreaLocation):
queryset.exclude(name=location.name) queryset.exclude(name=location.name)
results += sorted(filter_words(filter_queryset_by_package_access(request, queryset), words), results += sorted(filter_words(filter_queryset_by_access(request, queryset), words),
key=AreaLocation.get_sort_key, reverse=True) key=AreaLocation.get_sort_key, reverse=True)
queryset = LocationGroup.objects.all() queryset = LocationGroup.objects.filter(can_seach=True)
if isinstance(location, LocationGroup): if isinstance(location, LocationGroup):
queryset.exclude(name=location.name) queryset.exclude(name='g:'+location.name)
results += list(filter_words(filter_queryset_by_package_access(request, queryset), words)[:10]) results += list(filter_words(filter_queryset_by_access(request, queryset), words)[:10])
return results return results