Fix: only return search hits that are showable

author: Lars Wirzenius <liw@liw.fi> 2018-11-17 19:38:05 +0200
committer: Lars Wirzenius <liw@liw.fi> 2018-11-17 19:38:05 +0200
commit: 1ff1ffceb9a1b6ed6c2bd9bbf8f8f55b8fe8a198 (patch)
tree: c876c997f44511b3c7e37ab6cafe31d001c54b58
parent: dd6a174190c43b3da6fc2d542f63289b75088e39 (diff)
download: muck-poc-1ff1ffceb9a1b6ed6c2bd9bbf8f8f55b8fe8a198.tar.gz
1 files changed, 16 insertions, 1 deletions
diff --git a/muck_poc b/muck_poc
index 85278ea..edf59e7 100755
--- a/muck_poc
+++ b/muck_poc
@@ -153,11 +153,26 @@ class MuckAPI:
         return self._create_response(200, 'delete', meta, res)
 
     def _search_res(self, claims):
+        def is_showble(rid):
+            try:
+                meta, res = self._get_existing(rid)
+            except bottle.HTTPError as e:
+                return False
+            return self._access_is_allowed(meta, claims):
+
         body = self._get_json_body()
         cond = body.get('cond')
         ms = self._store.get_memory_store()
+
+        hits = ms.search(cond)
+        hits = [
+            rid
+            for rid in ms.search(cond)
+            if is_showable(rid)
+        ]
+
         result = {
-            'resources': ms.search(cond),
+            'resources': hits,
         }
         return bottle.HTTPResponse(status=200, body=json.dumps(result))
author	Lars Wirzenius <liw@liw.fi>	2018-11-17 19:38:05 +0200
committer	Lars Wirzenius <liw@liw.fi>	2018-11-17 19:38:05 +0200
commit	1ff1ffceb9a1b6ed6c2bd9bbf8f8f55b8fe8a198 (patch)
tree	c876c997f44511b3c7e37ab6cafe31d001c54b58
parent	dd6a174190c43b3da6fc2d542f63289b75088e39 (diff)
download	muck-poc-1ff1ffceb9a1b6ed6c2bd9bbf8f8f55b8fe8a198.tar.gz