Merge pull request #2884 from DevHugo/post_visible_membre_sans_groupe

[15.6] L'indexation des droits permet aux membres avec un groupe autre de voir tous les posts
zestedesavoir · Jul 4, 2015 · cfc1985 · cfc1985
2 parents e6fee30 + 12067b5
commit cfc1985
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 11 deletions.
diff --git a/zds/forum/search_indexes.py b/zds/forum/search_indexes.py
@@ -24,7 +24,7 @@ def get_model(self):
         return Topic
 
     def prepare_permissions(self, obj):
-        return obj.forum.group.values_list('name', flat=True).all() or None
+        return [group.name for group in obj.forum.group.all()] or "public"
 
 
 class PostIndex(indexes.SearchIndex, indexes.Indexable):
@@ -57,4 +57,4 @@ def prepare_topic_forum(self, obj):
         return obj.topic.forum
 
     def prepare_permissions(self, obj):
-        return obj.topic.forum.group.values_list('name', flat=True).all() or None
+        return [group.name for group in obj.topic.forum.group.all()] or "public"
diff --git a/zds/search/views.py b/zds/search/views.py
@@ -1,8 +1,8 @@
 # coding: utf-8
+from django.db.models import Q
 
 from django.shortcuts import render
 from django.core.urlresolvers import reverse
-from haystack.inputs import Raw
 
 from haystack.views import SearchView
 
@@ -38,21 +38,17 @@ def create_response(self):
     def get_results(self):
         queryset = super(CustomSearchView, self).get_results()
 
-        # Due to a bug in Haystack library (https://github.com/django-haystack/django-haystack/issues/163)
-        # We can do field = None or use __isnull. We are obliged to use a raw solr query.
-        # Obviously, it is solr dependant
-        is_empty = Raw("[* TO *]")
-
         # We want to search only on authorized post and topic
         if self.request.user.is_authenticated():
             groups = self.request.user.groups
 
             if groups.count() > 0:
-                return queryset.filter_or(permissions=is_empty, permissions__in=groups.all())
+                return queryset.filter(Q(permissions="public") |
+                                       Q(permissions__in=[group.name for group in groups.all()]))
             else:
-                return queryset.exclude(permissions=is_empty)
+                return queryset.filter(permissions="public")
         else:
-            return queryset.exclude(permissions=is_empty)
+            return queryset.filter(permissions="public")
 
 
 def opensearch(request):