Citadel: Move get_user_access to plugin

2026-03-13 07:29:39 +00:00 · 2021-05-18 11:24:31 +02:00 · 2021-05-18 11:24:31 +02:00 · 40b1a0b60a
commit 40b1a0b60a
parent 8a790bb42d
2 changed files with 18 additions and 3 deletions
--- a/citadel/indico_citadel/search.py
+++ b/citadel/indico_citadel/search.py
@ -16,7 +16,7 @@ from indico.modules.search.base import IndicoSearchProvider, SearchOption

 from indico_citadel import _
 from indico_citadel.result_schemas import CitadelResultSchema
-from indico_citadel.util import format_filters, format_query
+from indico_citadel.util import format_filters, format_query, get_user_access


 class CitadelProvider(IndicoSearchProvider):
@ -28,7 +28,7 @@ class CitadelProvider(IndicoSearchProvider):
        self.backend_url = CitadelPlugin.settings.get('search_backend_url')
        self.records_url = url_join(self.backend_url, 'api/records/')

-    def search(self, query, access, page=1, object_types=(), **params):
+    def search(self, query, user=None, page=1, object_types=(), **params):
        # https://cern-search.docs.cern.ch/usage/operations/#query-documents
        # this token is used by the backend to authenticate and also to filter
        # the objects that we can actually read
@ -48,7 +48,7 @@ class CitadelProvider(IndicoSearchProvider):
                         'type': [x.name for x in object_types], 'sort': sort, 'default_operator': operator,
                         **filter_query}
        # Filter by the objects that can be viewed by users/groups in the `access` argument
-        if access:
+        if access := get_user_access(user):
            access_string = ','.join(access)
            if len(access_string) > 1024:
                access_string_gz = base64.b64encode(zlib.compress(access_string.encode(), level=9))
--- a/citadel/indico_citadel/util.py
+++ b/citadel/indico_citadel/util.py
@ -13,6 +13,9 @@ from functools import wraps
 from flask import current_app
 from flask.globals import _app_ctx_stack

+from indico.modules.groups import GroupProxy
+from indico.util.caching import memoize_redis
+

 def parallelize(func, entries, batch_size=200):
    @wraps(func)
@ -136,3 +139,15 @@ def remove_none_entries(obj):
    elif isinstance(obj, (list, tuple, set)):
        return type(obj)(map(remove_none_entries, obj))
    return obj
+
+
+@memoize_redis(3600)
+def get_user_access(user):
+    if not user:
+        return []
+    access = [user.identifier] + [u.identifier for u in user.get_merged_from_users_recursive()]
+    access += [GroupProxy(x.id, _group=x).identifier for x in user.local_groups]
+    if user.can_get_all_multipass_groups:
+        access += [GroupProxy(x.name, x.provider.name, x).identifier
+                   for x in user.iter_all_multipass_groups()]
+    return access