Fix a bug in the result censor

bengler · Feb 26, 2014 · 0145d1c · 0145d1c
1 parent db93f40
commit 0145d1c
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 16 deletions.
diff --git a/lib/sherlock/result_censor.rb b/lib/sherlock/result_censor.rb
@@ -9,8 +9,10 @@ def self.consider(search_result, god_mode, user_identity)
         return search_result if god_mode
         search_result['hits']['hits'].each do |hit|
           unless user_identity && user_identity == hit['_source']['created_by']
-            hit['_source'].delete('sensitive.email')
             hit['_source']['pristine'].delete('sensitive')
+            hit['_source'].each_pair do |key, value|
+              hit['_source'].delete(key) if key.start_with? 'sensitive.'
+            end
           end
         end
         search_result

diff --git a/spec/result_censor_spec.rb b/spec/result_censor_spec.rb
@@ -33,37 +33,36 @@
             "_type"=>"post.card",
             "_id"=>"post.card:hell.pitchfork$3",
             "_score"=>0.09492774,
-            "_source"=>{"document.app"=>"hot stuff", "created_by" => 777, "sensitive" => "yup", "realm"=>"hell", "uid"=>"post.card:hell.pitchfork$2", "pristine"=>{"document"=>{"app"=>"hot stuff"}, "realm"=>"hell", "uid"=>"post.card:hell.pitchfork$1"}}
+            "_source"=>{"document.app"=>"hot stuff", "created_by" => 777, "sensitive.email" => "asdf@example.com", "realm"=>"hell", "uid"=>"post.card:hell.pitchfork$2", "pristine"=>{"sensitive" => {"email" => "asdf@example.com"}, "document"=>{"app"=>"hot stuff"}, "realm"=>"hell", "uid"=>"post.card:hell.pitchfork$1"}}
           }
 
         ]
       }
     }
   }
 
-  subject {
-    Sherlock::ResultCensor
-  }
-
   it "conceals the sensitive field for John Smith" do
-    censored_result = subject.consider(search_result, false, 111)
+    censored_result = Sherlock::ResultCensor.consider(search_result, false, 111)
     censored_result['hits']['hits'].map do |hit|
-      hit['sensitive'].should eq nil
+      hit['_source']['pristine']['sensitive'].should eq nil
+      hit['_source']['sensitive.email'].should eq nil
     end
   end
 
   it "discloses the sensitive field to owner" do
-    censored_result = subject.consider(search_result, false, 777)
-    censored_result['hits']['hits'][0]['_source']['sensitive'] == nil
-    censored_result['hits']['hits'][1]['_source']['sensitive'] == nil
-    censored_result['hits']['hits'][2]['_source']['sensitive'] == "yup"
+    censored_result = Sherlock::ResultCensor.consider(search_result, false, 777)
+    censored_result['hits']['hits'][0]['_source']['sensitive'].should eq nil
+    censored_result['hits']['hits'][1]['_source']['sensitive'].should eq nil
+    censored_result['hits']['hits'][2]['_source']['pristine']['sensitive'].should eq({'email' => 'asdf@example.com'})
+    censored_result['hits']['hits'][2]['_source']['sensitive.email'].should eq 'asdf@example.com'
   end
 
   it "discloses the sensitive field to god herself" do
-    censored_result = subject.consider(search_result, true, nil)
-    censored_result['hits']['hits'][0]['_source']['sensitive'] == nil
-    censored_result['hits']['hits'][1]['_source']['sensitive'] == nil
-    censored_result['hits']['hits'][2]['_source']['sensitive'] == "yup"
+    censored_result = Sherlock::ResultCensor.consider(search_result, true, nil)
+    censored_result['hits']['hits'][0]['_source']['sensitive'].should eq nil
+    censored_result['hits']['hits'][1]['_source']['sensitive'].should eq nil
+    censored_result['hits']['hits'][2]['_source']['pristine']['sensitive'].should eq({'email' => 'asdf@example.com'})
+    censored_result['hits']['hits'][2]['_source']['sensitive.email'].should eq 'asdf@example.com'
   end
 
 end