[course_admin] filter non activate and "empty username" users. (#919)

UCL-INGI · Mar 6, 2023 · 1c6fe48 · 1c6fe48
1 parent 79c784f
commit 1c6fe48
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/inginious/frontend/pages/course_admin/search_user.py b/inginious/frontend/pages/course_admin/search_user.py
@@ -18,9 +18,11 @@ def GET_AUTH(self, courseid, request):  # pylint: disable=arguments-differ
         self.get_course_and_check_rights(courseid, allow_all_staff=True)
 
         request = re.escape(request) # escape for safety. Maybe this is not needed...
-        users = list(self.database.users.find({"$or": [{"username": {"$regex": ".*" + request + ".*", "$options": "i"}},
+        users = list(self.database.users.find({"$and":[{ "activate": { "$exists": False } },
+                                                       {"username":{ "$ne": "" }},
+                                                       {"$or": [{"username": {"$regex": ".*" + request + ".*", "$options": "i"}},
                                                        {"realname": {"$regex": ".*" + request + ".*", "$options": "i"}}
-                                                      ]}, {"username": 1, "realname": 1}).limit(10))
+                                                      ]}]}, {"username": 1, "realname": 1}).limit(10))
         return Response(content_type='text/json; charset=utf-8',response=json.dumps([[
             {'username': entry['username'], 'realname': entry['realname']}
             for entry in users