Skip to content

Commit

Permalink
implement get_search_ui_permissions_bulk in arches_default_allow, re #…
Browse files Browse the repository at this point in the history 
…11708
  • Loading branch information
@whatisgalen
whatisgalen committed Jan 2, 2025
1 parent 42db636 commit c424c9b
Showing 1 changed file with 62 additions and 0 deletions.
62 changes: 62 additions & 0 deletions arches/app/permissions/arches_default_allow.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,68 @@ def process_new_user(self, instance: User, created: bool) -> None:
resource.createdtime = resource_instance.createdtime
resource.index() # type: ignore

def get_search_ui_permissions_bulk(
self, user: User, search_results: list, groups
) -> list:
"""
Determintes whether or not read/edit buttons show up in search results.
"""
user_read_permissions = self.get_resource_types_by_perm(
user,
[
"models.write_nodegroup",
"models.delete_nodegroup",
"models.read_nodegroup",
],
)

user_can_read = len(user_read_permissions) > 0
user_can_edit = len(self.get_editable_resource_types(user)) > 0
for result in search_results:

# validate permissions structure for search result
deny_read_exists = (
"permissions" in result["_source"]
and "users_without_read_perm" in result["_source"]["permissions"]
)
deny_edit_exists = (
"permissions" in result["_source"]
and "users_without_edit_perm" in result["_source"]["permissions"]
)

if not deny_read_exists or not deny_edit_exists:
logger.warning(
"""
PROBLEM WITH INDEX - it appears that your index permissions are malformed.
This can happen when switching permission frameworks and may cause search
results to appear incorrectly or with invalid permissions. You can correct it by reindexing arches.
"""
)

result["can_read"] = (
deny_read_exists
and (
user.id
not in result["_source"]["permissions"]["users_without_read_perm"]
)
) and user_can_read

result["can_edit"] = (
deny_edit_exists
and (
user.id
not in result["_source"]["permissions"]["users_without_edit_perm"]
)
) and user_can_edit

result["is_principal"] = (
"permissions" in result["_source"]
and "principal_user" in result["_source"]["permissions"]
and user.id in result["_source"]["permissions"]["principal_user"]
)

return search_results

def get_search_ui_permissions(
self, user: User, search_result: dict, groups
) -> dict:
Expand Down

0 comments on commit c424c9b

Please sign in to comment.