Close issue #77, add document view permission to the search app

2014-10-14 04:00:14 -04:00
parent 85c789c039
commit bc13129e3b
4 changed files with 30 additions and 22 deletions
--- a/mayan/apps/documents/init.py
+++ b/mayan/apps/documents/init.py
@@ -142,7 +142,7 @@ class_permissions(Document, [PERMISSION_DOCUMENT_DELETE,
                             PERMISSION_DOCUMENT_VIEW,
                             PERMISSION_HISTORY_VIEW])

-document_search = SearchModel('documents', 'Document', serializer=DocumentSerializer)
+document_search = SearchModel('documents', 'Document', permission=PERMISSION_DOCUMENT_VIEW, serializer=DocumentSerializer)
 document_search.add_model_field('document_type__name', label=_(u'Document type'))

 # TODO: move these to their respective apps
--- a/mayan/apps/dynamic_search/api_views.py
+++ b/mayan/apps/dynamic_search/api_views.py
@@ -44,9 +44,12 @@ class APISearchView(generics.ListAPIView):
    q -- Term that will be used for the search.
    """

+    filter_backends = (MayanObjectPermissionsFilter,)
+
    def get_queryset(self):
        document_search = SearchModel.get('documents.Document')
        self.serializer_class = document_search.serializer
+        self.mayan_object_permissions = {'GET': [document_search.permission]}

        if 'q' in self.request.GET:
            # Simple query
--- a/mayan/apps/dynamic_search/classes.py
+++ b/mayan/apps/dynamic_search/classes.py
@@ -23,13 +23,14 @@ class SearchModel(object):
    def get(cls, full_name):
        return cls.registry[full_name]

-    def __init__(self, app_label, model_name, serializer, label=None):
+    def __init__(self, app_label, model_name, serializer, label=None, permission=None):
        self.app_label = app_label
        self.model_name = model_name
        self.search_fields = {}
        self.model = get_model(app_label, model_name)
        self.label = label or self.model._meta.verbose_name
        self.serializer = serializer
+        self.permission = permission
        self.__class__.registry[self.get_full_name()] = self

    def get_full_name(self):
--- a/mayan/apps/dynamic_search/views.py
+++ b/mayan/apps/dynamic_search/views.py
@@ -3,12 +3,16 @@ from __future__ import absolute_import
 import logging
 import urlparse

+from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.utils.translation import ugettext_lazy as _

+from acls.models import AccessEntry
+from permissions.models import Permission
+
 from .classes import SearchModel
 from .forms import SearchForm, AdvancedSearchForm
 from .models import RecentSearch
@@ -40,6 +44,12 @@ def results(request, extra_context=None):
            logger.debug('advanced search')
            queryset, ids, timedelta = document_search.advanced_search(request.GET)

+        if document_search.permission:
+            try:
+                Permission.objects.check_permissions(request.user, [document_search.permission])
+            except PermissionDenied:
+                queryset = AccessEntry.objects.filter_objects_by_access(document_search.permission, request.user, queryset)
+
        # Update the context with the search results
        context.update({
            'object_list': queryset,
@@ -77,27 +87,21 @@ def search(request, advanced=False):
            }, context_instance=RequestContext(request)
        )
    else:
-        if request.GET.get('source') != 'sidebar':
-            # Don't include a form a top of the results if the search
-            # was originated from the sidebar search form
-            extra_context = {
-                'submit_label': _(u'Search'),
-                'submit_icon_famfam': 'zoom',
-                'form_title': _(u'Search'),
-                'form_hide_required_text': True,
-            }
-            if ('q' in request.GET) and request.GET['q'].strip():
-                query_string = request.GET['q']
-                form = SearchForm(initial={'q': query_string})
-                extra_context.update({'form': form})
-                return results(request, extra_context=extra_context)
-            else:
-                form = SearchForm()
-                extra_context.update({'form': form})
-                return results(request, extra_context=extra_context)
+        extra_context = {
+            'submit_label': _(u'Search'),
+            'submit_icon_famfam': 'zoom',
+            'form_title': _(u'Search'),
+            'form_hide_required_text': True,
+        }
+        if ('q' in request.GET) and request.GET['q'].strip():
+            query_string = request.GET['q']
+            form = SearchForm(initial={'q': query_string})
+            extra_context.update({'form': form})
+            return results(request, extra_context=extra_context)
        else:
-            # Already has a form with data, go to results
-            return results(request)
+            form = SearchForm()
+            extra_context.update({'form': form})
+            return results(request, extra_context=extra_context)


 def search_again(request):