diff options
author | Lars Wirzenius <liw@liw.fi> | 2018-11-17 19:38:05 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-11-17 19:38:05 +0200 |
commit | 1ff1ffceb9a1b6ed6c2bd9bbf8f8f55b8fe8a198 (patch) | |
tree | c876c997f44511b3c7e37ab6cafe31d001c54b58 | |
parent | dd6a174190c43b3da6fc2d542f63289b75088e39 (diff) | |
download | muck-poc-1ff1ffceb9a1b6ed6c2bd9bbf8f8f55b8fe8a198.tar.gz |
Fix: only return search hits that are showable
-rwxr-xr-x | muck_poc | 17 |
1 files changed, 16 insertions, 1 deletions
@@ -153,11 +153,26 @@ class MuckAPI: return self._create_response(200, 'delete', meta, res) def _search_res(self, claims): + def is_showble(rid): + try: + meta, res = self._get_existing(rid) + except bottle.HTTPError as e: + return False + return self._access_is_allowed(meta, claims): + body = self._get_json_body() cond = body.get('cond') ms = self._store.get_memory_store() + + hits = ms.search(cond) + hits = [ + rid + for rid in ms.search(cond) + if is_showable(rid) + ] + result = { - 'resources': ms.search(cond), + 'resources': hits, } return bottle.HTTPResponse(status=200, body=json.dumps(result)) |