Implement category-based permissioning for search results
Only see what you can see. Co-Authored-By: Saul S <sauls8t@users.noreply.github.com>
parent
ae50b889c5
commit
467acec3c4
5 changed files with 95 additions and 9 deletions
|
@ -418,6 +418,7 @@ func (h *Handler) SearchDocuments(w http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
// Get search criteria.
|
||||
options := search.QueryOptions{}
|
||||
err = json.Unmarshal(body, &options)
|
||||
if err != nil {
|
||||
|
@ -425,24 +426,30 @@ func (h *Handler) SearchDocuments(w http.ResponseWriter, r *http.Request) {
|
|||
h.Runtime.Log.Error(method, err)
|
||||
return
|
||||
}
|
||||
|
||||
options.Keywords = strings.TrimSpace(options.Keywords)
|
||||
|
||||
// Get documents for search criteria.
|
||||
results, err := h.Store.Search.Documents(ctx, options)
|
||||
if err != nil {
|
||||
h.Runtime.Log.Error(method, err)
|
||||
}
|
||||
|
||||
// Put in slugs for easy UI display of search URL
|
||||
// Generate slugs for search URL.
|
||||
for key, result := range results {
|
||||
results[key].DocumentSlug = stringutil.MakeSlug(result.Document)
|
||||
results[key].SpaceSlug = stringutil.MakeSlug(result.Space)
|
||||
}
|
||||
|
||||
// Record user search history
|
||||
// Remove documents that cannot be seen due to lack of
|
||||
// category view/access permission.
|
||||
cats, err := h.Store.Category.GetByOrg(ctx, ctx.UserID)
|
||||
members, err := h.Store.Category.GetOrgCategoryMembership(ctx, ctx.UserID)
|
||||
filtered := indexer.FilterCategoryProtected(results, cats, members)
|
||||
|
||||
// Record user search history.
|
||||
if !options.SkipLog {
|
||||
if len(results) > 0 {
|
||||
go h.recordSearchActivity(ctx, results, options.Keywords)
|
||||
if len(filtered) > 0 {
|
||||
go h.recordSearchActivity(ctx, filtered, options.Keywords)
|
||||
} else {
|
||||
ctx.Transaction, err = h.Runtime.Db.Beginx()
|
||||
if err != nil {
|
||||
|
@ -468,7 +475,7 @@ func (h *Handler) SearchDocuments(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
h.Store.Audit.Record(ctx, audit.EventTypeSearch)
|
||||
|
||||
response.WriteJSON(w, results)
|
||||
response.WriteJSON(w, filtered)
|
||||
}
|
||||
|
||||
// Record search request once per document.
|
||||
|
|
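Review bot: The errors from `h.Store.Category.GetByOrg` and `h.Store.Category.GetOrgCategoryMembership` are never checked in the second hunk: the first `err` is overwritten by the second call, and neither is read before `indexer.FilterCategoryProtected(results, cats, members)` runs. If either lookup fails, the filter works from empty or partial category data; its implementation is not visible here, so it may let category-protected documents through to `response.WriteJSON(w, filtered)` and to the recorded search activity. Because this filter is the access-control decision for search results, it should fail closed: after each call add `if err != nil { h.Runtime.Log.Error(method, err); return }`, presumably writing an error response first, so that no results are returned when permissions cannot be loaded. The `h.Store.Search.Documents` error shown as context is likewise logged without stopping the handler. SearchDocuments begins above the visible hunks.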