paradizelost/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2025-08-14 00:26:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Respect superuser for advanced queries, test coverage for object perms

Browse Source
This commit is contained in:
shamoon
2023-04-27 15:00:03 -07:00
parent d2a8076596
commit e275a2736a
3 changed files with 100 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/documents/index.py
View File

@@ -225,15 +225,19 @@ class DelayedQuery:
user_criterias = [query.Term("has_owner", False)]
if "user" in self.query_params:
user_criterias.append(query.Term("owner_id", self.query_params["user"]))
user_criterias.append(
query.Term("viewer_id", str(self.query_params["user"])),
)
if self.query_params["is_superuser"]: # superusers see all docs
user_criterias = []
else:
user_criterias.append(query.Term("owner_id", self.query_params["user"]))
user_criterias.append(
query.Term("viewer_id", str(self.query_params["user"])),
)
if len(criterias) > 0:
criterias.append(query.Or(user_criterias))
if len(user_criterias) > 0:
criterias.append(query.Or(user_criterias))
return query.And(criterias)
else:
return query.Or(user_criterias)
return query.Or(user_criterias) if len(user_criterias) > 0 else None
def _get_query_sortedby(self):
if "ordering" not in self.query_params: