Skip to content

Commit

Permalink
feat: hide all information_system attributes from es search
Browse files Browse the repository at this point in the history
Previously we restricted the information system from basic filters and
views for unauthenticated users.
This adds hiding the InformationSystem attribues from unauthenticated
users in elastic backed searches as well.

Refs TIED-171
  • Loading branch information
nicobav committed Dec 18, 2024
1 parent 2e38472 commit 2885ae3
Show file tree
Hide file tree
Showing 5 changed files with 421 additions and 40 deletions.
7 changes: 6 additions & 1 deletion search_indices/serializers/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,5 +30,10 @@ class Meta:
def get_score(self, obj: Hit) -> int:
return obj.meta.score

@property
def is_authenticated(self):
request = self.context.get("request")
return bool(request and request.user.is_authenticated)

def get_attributes(self, obj: Hit) -> Optional[dict]:
return get_attributes(obj, "attributes")
return get_attributes(obj, "attributes", self.is_authenticated)
17 changes: 16 additions & 1 deletion search_indices/serializers/utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,18 @@

from elasticsearch_dsl.response.hit import Hit

attributes_for_authenticated = (
"function_InformationSystem",
"action_InformationSystem",
"classification_InformationSystem",
"record_InformationSystem",
"phase_InformationSystem",
)

def get_attributes(obj: Hit, attribute_field_name: str) -> Optional[dict]:

def get_attributes(
obj: Hit, attribute_field_name: str, authenticated: bool
) -> Optional[dict]:
"""
Fetch attributes from index and revert the attribute names that
have "." replaced with "+".
Expand All @@ -14,6 +24,11 @@ def get_attributes(obj: Hit, attribute_field_name: str) -> Optional[dict]:
attrs = attrs.to_dict()
for key, value in attrs.items():
key = key.replace("+", ".")

if not authenticated and key in attributes_for_authenticated:
continue

attributes[key] = value

return attributes
return None
29 changes: 28 additions & 1 deletion search_indices/tests/conftest.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
from elasticsearch import Elasticsearch
from elasticsearch_dsl.connections import add_connection
from pytest import fixture
from rest_framework.test import APIClient

from metarecord.models import Action, Classification, Function, Phase, Record
from metarecord.tests.conftest import user, user_api_client # noqa
Expand Down Expand Up @@ -57,7 +58,7 @@ def destroy_indices():
RecordDocument._index.delete(ignore=[400, 404])


@fixture(scope="session", autouse=True)
@fixture(scope="class", autouse=True)
def create_indices():
"""
Initialize all indices with the custom analyzers.
Expand All @@ -82,13 +83,25 @@ def es_connection():
yield es_connection


@fixture
def api_client():
return APIClient()


@fixture
def action(phase):
return Action.objects.create(
attributes={"AdditionalInformation": "testisana"}, phase=phase, index=1
)


@fixture
def action_with_information_system(phase):
return Action.objects.create(
attributes={"InformationSystem": "xyz"}, phase=phase, index=1
)


@fixture
def action_2(phase_2):
return Action.objects.create(
Expand Down Expand Up @@ -124,6 +137,13 @@ def function(classification):
)


@fixture
def function_with_information_system(classification_2):
return Function.objects.create(
attributes={"InformationSystem": "xyz"}, classification=classification_2
)


@fixture
def function_2(classification_2):
return Function.objects.create(
Expand All @@ -139,6 +159,13 @@ def phase(function):
)


@fixture
def phase_with_information_system(function):
return Phase.objects.create(
attributes={"InformationSystem": "xyz"}, function=function, index=1
)


@fixture
def phase_2(function_2):
return Phase.objects.create(
Expand Down
Loading

0 comments on commit 2885ae3

Please sign in to comment.