diff --git a/apps/activity/api/views.py b/apps/activity/api/views.py index a5644fab..4c335491 100644 --- a/apps/activity/api/views.py +++ b/apps/activity/api/views.py @@ -2,7 +2,6 @@ # SPDX-License-Identifier: GPL-3.0-or-later from django_filters.rest_framework import DjangoFilterBackend - from api.filters import RegexSafeSearchFilter from api.viewsets import ReadProtectedModelViewSet diff --git a/apps/activity/views.py b/apps/activity/views.py index 74e39fb0..430e876e 100644 --- a/apps/activity/views.py +++ b/apps/activity/views.py @@ -19,6 +19,7 @@ from django.views.decorators.cache import cache_page from django.views.generic import DetailView, TemplateView, UpdateView from django.views.generic.list import ListView from django_tables2.views import MultiTableMixin +from api.viewsets import is_regex from note.models import Alias, NoteSpecial, NoteUser from permission.backends import PermissionBackend from permission.views import ProtectQuerysetMixin, ProtectedCreateView @@ -212,13 +213,16 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView): if "search" in self.request.GET and self.request.GET["search"]: pattern = self.request.GET["search"] - if pattern[0] != "^": - pattern = "^" + pattern + + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix = "__iregex" if valid_regex else "__istartswith" + pattern = "^" + pattern if valid_regex and pattern[0] != "^" else pattern guest_qs = guest_qs.filter( - Q(first_name__iregex=pattern) - | Q(last_name__iregex=pattern) - | Q(inviter__alias__name__iregex=pattern) - | Q(inviter__alias__normalized_name__iregex=Alias.normalize(pattern)) + Q(**{f"first_name{suffix}": pattern}) + | Q(**{f"last_name{suffix}": pattern}) + | Q(**{f"inviter__alias__name{suffix}": pattern}) + | Q(**{f"inviter__alias__normalized_name{suffix}": Alias.normalize(pattern)}) ) else: guest_qs = guest_qs.none() @@ -250,11 +254,15 @@ class ActivityEntryView(LoginRequiredMixin, TemplateView): if "search" in self.request.GET and self.request.GET["search"]: pattern = self.request.GET["search"] + + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix = "__iregex" if valid_regex else "__icontains" note_qs = note_qs.filter( - Q(note__noteuser__user__first_name__iregex=pattern) - | Q(note__noteuser__user__last_name__iregex=pattern) - | Q(name__iregex=pattern) - | Q(normalized_name__iregex=Alias.normalize(pattern)) + Q(**{f"note__noteuser__user__first_name{suffix}": pattern}) + | Q(**{f"note__noteuser__user__last_name{suffix}": pattern}) + | Q(**{f"name{suffix}": pattern}) + | Q(**{f"normalized_name{suffix}": Alias.normalize(pattern)}) ) else: note_qs = note_qs.none() diff --git a/apps/api/tests.py b/apps/api/tests.py index 83d9d936..6be818bf 100644 --- a/apps/api/tests.py +++ b/apps/api/tests.py @@ -14,7 +14,6 @@ from django.test import TestCase from django_filters.rest_framework import DjangoFilterBackend from phonenumbers import PhoneNumber from rest_framework.filters import OrderingFilter - from api.filters import RegexSafeSearchFilter from member.models import Membership, Club from note.models import NoteClub, NoteUser, Alias, Note diff --git a/apps/api/viewsets.py b/apps/api/viewsets.py index 341af617..b1d42c50 100644 --- a/apps/api/viewsets.py +++ b/apps/api/viewsets.py @@ -1,6 +1,8 @@ # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay # SPDX-License-Identifier: GPL-3.0-or-later +import re + from django.contrib.contenttypes.models import ContentType from django_filters.rest_framework import DjangoFilterBackend from django.db.models import Q @@ -14,6 +16,14 @@ from .filters import RegexSafeSearchFilter from .serializers import UserSerializer, ContentTypeSerializer +def is_regex(pattern): + try: + re.compile(pattern) + return True + except (re.error, TypeError): + return False + + class ReadProtectedModelViewSet(ModelViewSet): """ Protect a ModelViewSet by filtering the objects that the user cannot see. @@ -60,34 +70,38 @@ class UserViewSet(ReadProtectedModelViewSet): if "search" in self.request.GET: pattern = self.request.GET["search"] + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix = "__iregex" if valid_regex else "__istartswith" + prefix = "^" if valid_regex else "" # Filter with different rules # We use union-all to keep each filter rule sorted in result queryset = queryset.filter( # Match without normalization - note__alias__name__iregex="^" + pattern + Q(**{f"note__alias__name{suffix}": prefix + pattern}) ).union( queryset.filter( # Match with normalization - Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern)) - & ~Q(note__alias__name__iregex="^" + pattern) + Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)}) + & ~Q(**{f"note__alias__name{suffix}": prefix + pattern}) ), all=True, ).union( queryset.filter( # Match on lower pattern - Q(note__alias__normalized_name__iregex="^" + pattern.lower()) - & ~Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern)) - & ~Q(note__alias__name__iregex="^" + pattern) + Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()}) + & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)}) + & ~Q(**{f"note__alias__name{suffix}": prefix + pattern}) ), all=True, ).union( queryset.filter( # Match on firstname or lastname - (Q(last_name__iregex="^" + pattern) | Q(first_name__iregex="^" + pattern)) - & ~Q(note__alias__normalized_name__iregex="^" + pattern.lower()) - & ~Q(note__alias__normalized_name__iregex="^" + Alias.normalize(pattern)) - & ~Q(note__alias__name__iregex="^" + pattern) + (Q(**{f"last_name{suffix}": prefix + pattern}) | Q(**{f"first_name{suffix}": prefix + pattern})) + & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + pattern.lower()}) + & ~Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)}) + & ~Q(**{f"note__alias__name{suffix}": prefix + pattern}) ), all=True, ) diff --git a/apps/logs/api/views.py b/apps/logs/api/views.py index bf5aa8a5..655a473a 100644 --- a/apps/logs/api/views.py +++ b/apps/logs/api/views.py @@ -3,7 +3,6 @@ from django_filters.rest_framework import DjangoFilterBackend from rest_framework.filters import OrderingFilter - from api.viewsets import ReadOnlyProtectedModelViewSet from .serializers import ChangelogSerializer diff --git a/apps/member/api/views.py b/apps/member/api/views.py index 5e4e4667..a24a12d6 100644 --- a/apps/member/api/views.py +++ b/apps/member/api/views.py @@ -3,7 +3,6 @@ from django_filters.rest_framework import DjangoFilterBackend from rest_framework.filters import OrderingFilter - from api.filters import RegexSafeSearchFilter from api.viewsets import ReadProtectedModelViewSet diff --git a/apps/member/views.py b/apps/member/views.py index 45ba81a7..61a7bbf2 100644 --- a/apps/member/views.py +++ b/apps/member/views.py @@ -18,6 +18,7 @@ from django.views.generic import DetailView, UpdateView, TemplateView from django.views.generic.edit import FormMixin from django_tables2.views import SingleTableView from rest_framework.authtoken.models import Token +from api.viewsets import is_regex from note.models import Alias, NoteClub, NoteUser, Trust from note.models.transactions import Transaction, SpecialTransaction from note.tables import HistoryTable, AliasTable, TrustTable, TrustedTable @@ -219,16 +220,20 @@ class UserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView): if "search" in self.request.GET and self.request.GET["search"]: pattern = self.request.GET["search"] + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix = "__iregex" if valid_regex else "__istartswith" + prefix = "^" if valid_regex else "" qs = qs.filter( - username__iregex="^" + pattern + Q(**{f"username{suffix}": prefix + pattern}) ).union( qs.filter( - (Q(alias__iregex="^" + pattern) - | Q(normalized_alias__iregex="^" + Alias.normalize(pattern)) - | Q(last_name__iregex="^" + pattern) - | Q(first_name__iregex="^" + pattern) + (Q(**{f"alias{suffix}": prefix + pattern}) + | Q(**{f"normalized_alias{suffix}": prefix + Alias.normalize(pattern)}) + | Q(**{f"last_name{suffix}": prefix + pattern}) + | Q(**{f"first_name{suffix}": prefix + pattern}) | Q(email__istartswith=pattern)) - & ~Q(username__iregex="^" + pattern) + & ~Q(**{f"username{suffix}": prefix + pattern}) ), all=True) else: qs = qs.none() @@ -410,10 +415,15 @@ class ClubListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableView): if "search" in self.request.GET: pattern = self.request.GET["search"] + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix = "__iregex" if valid_regex else "__istartswith" + prefix = "^" if valid_regex else "" + qs = qs.filter( - Q(name__iregex=pattern) - | Q(note__alias__name__iregex=pattern) - | Q(note__alias__normalized_name__iregex=Alias.normalize(pattern)) + Q(**{f"name{suffix}": prefix + pattern}) + | Q(**{f"note__alias__name{suffix}": prefix + pattern}) + | Q(**{f"note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)}) ) return qs @@ -912,10 +922,15 @@ class ClubMembersListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableV if 'search' in self.request.GET: pattern = self.request.GET['search'] + + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix = "__iregex" if valid_regex else "__istartswith" + prefix = "^" if valid_regex else "" qs = qs.filter( - Q(user__first_name__iregex='^' + pattern) - | Q(user__last_name__iregex='^' + pattern) - | Q(user__note__alias__normalized_name__iregex='^' + Alias.normalize(pattern)) + Q(**{f"user__first_name{suffix}": prefix + pattern}) + | Q(**{f"user__last_name{suffix}": prefix + pattern}) + | Q(**{f"user__note__alias__normalized_name{suffix}": prefix + Alias.normalize(pattern)}) ) only_active = "only_active" not in self.request.GET or self.request.GET["only_active"] != '0' diff --git a/apps/note/api/views.py b/apps/note/api/views.py index 4d39a7ce..ee1479be 100644 --- a/apps/note/api/views.py +++ b/apps/note/api/views.py @@ -1,19 +1,16 @@ # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay # SPDX-License-Identifier: GPL-3.0-or-later -import re - from django.conf import settings from django.db.models import Q from django.core.exceptions import ValidationError from django_filters.rest_framework import DjangoFilterBackend from rest_framework.filters import OrderingFilter -from rest_framework import viewsets +from rest_framework import status, viewsets from rest_framework.response import Response -from rest_framework import status - from api.filters import RegexSafeSearchFilter -from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet +from api.viewsets import ReadProtectedModelViewSet, ReadOnlyProtectedModelViewSet, \ + is_regex from permission.backends import PermissionBackend from .serializers import NotePolymorphicSerializer, AliasSerializer, ConsumerSerializer, \ @@ -51,10 +48,14 @@ class NotePolymorphicViewSet(ReadProtectedModelViewSet): .distinct() alias = self.request.query_params.get("alias", ".*") + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(alias) + suffix = '__iregex' if valid_regex else '__istartswith' + alias_prefix = '^' if valid_regex else '' queryset = queryset.filter( - Q(alias__name__iregex="^" + alias) - | Q(alias__normalized_name__iregex="^" + Alias.normalize(alias)) - | Q(alias__normalized_name__iregex="^" + alias.lower()) + Q(**{f"alias__name{suffix}": alias_prefix + alias}) + | Q(**{f"alias__normalized_name{suffix}": alias_prefix + Alias.normalize(alias)}) + | Q(**{f"alias__normalized_name{suffix}": alias_prefix + alias.lower()}) ) return queryset.order_by("id") @@ -68,7 +69,7 @@ class TrustViewSet(ReadProtectedModelViewSet): """ queryset = Trust.objects serializer_class = TrustSerializer - filter_backends = [SearchFilter, DjangoFilterBackend, OrderingFilter] + filter_backends = [RegexSafeSearchFilter, DjangoFilterBackend, OrderingFilter] search_fields = ['$trusting__alias__name', '$trusting__alias__normalized_name', '$trusted__alias__name', '$trusted__alias__normalized_name'] filterset_fields = ['trusting', 'trusting__noteuser__user', 'trusted', 'trusted__noteuser__user'] @@ -94,7 +95,7 @@ class AliasViewSet(ReadProtectedModelViewSet): """ REST API View set. The djangorestframework plugin will get all `Alias` objects, serialize it to JSON with the given serializer, - then render it on /api/note/aliases/ + then render it on /api/note/alias/ """ queryset = Alias.objects serializer_class = AliasSerializer @@ -129,18 +130,22 @@ class AliasViewSet(ReadProtectedModelViewSet): alias = self.request.query_params.get("alias", None) if alias: + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(alias) + suffix = '__iregex' if valid_regex else '__istartswith' + alias_prefix = '^' if valid_regex else '' queryset = queryset.filter( - name__iregex="^" + alias + **{f"name{suffix}": alias_prefix + alias} ).union( queryset.filter( - Q(normalized_name__iregex="^" + Alias.normalize(alias)) - & ~Q(name__iregex="^" + alias) + Q(**{f"normalized_name{suffix}": alias_prefix + Alias.normalize(alias)}) + & ~Q(**{f"name{suffix}": alias_prefix + alias}) ), all=True).union( queryset.filter( - Q(normalized_name__iregex="^" + alias.lower()) - & ~Q(normalized_name__iregex="^" + Alias.normalize(alias)) - & ~Q(name__iregex="^" + alias) + Q(**{f"normalized_name{suffix}": "^" + alias.lower()}) + & ~Q(**{f"normalized_name{suffix}": "^" + Alias.normalize(alias)}) + & ~Q(**{f"name{suffix}": "^" + alias}) ), all=True) @@ -169,11 +174,7 @@ class ConsumerViewSet(ReadOnlyProtectedModelViewSet): alias = self.request.query_params.get("alias", None) # Check if this is a valid regex. If not, we won't check regex - try: - re.compile(alias) - valid_regex = True - except (re.error, TypeError): - valid_regex = False + valid_regex = is_regex(alias) suffix = '__iregex' if valid_regex else '__istartswith' alias_prefix = '^' if valid_regex else '' queryset = queryset.prefetch_related('note') diff --git a/apps/note/views.py b/apps/note/views.py index a84e3636..7055ea12 100644 --- a/apps/note/views.py +++ b/apps/note/views.py @@ -13,6 +13,7 @@ from django.views.generic import CreateView, UpdateView, DetailView from django.urls import reverse_lazy from django_tables2 import SingleTableView from activity.models import Entry +from api.viewsets import is_regex from permission.backends import PermissionBackend from permission.views import ProtectQuerysetMixin from note_kfet.inputs import AmountInput @@ -89,11 +90,15 @@ class TransactionTemplateListView(ProtectQuerysetMixin, LoginRequiredMixin, Sing qs = super().get_queryset().distinct() if "search" in self.request.GET: pattern = self.request.GET["search"] + + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix = "__iregex" if valid_regex else "__icontains" qs = qs.filter( - Q(name__iregex=pattern) - | Q(destination__club__name__iregex=pattern) - | Q(category__name__iregex=pattern) - | Q(description__iregex=pattern) + Q(**{f"name{suffix}": pattern}) + | Q(**{f"destination__club__name{suffix}": pattern}) + | Q(**{f"category__name{suffix}": pattern}) + | Q(**{f"description{suffix}": pattern}) ) qs = qs.order_by('-display', 'category__name', 'destination__club__name', 'name') @@ -223,7 +228,10 @@ class TransactionSearchView(ProtectQuerysetMixin, LoginRequiredMixin, DetailView if "type" in data and data["type"]: transactions = transactions.filter(polymorphic_ctype__in=data["type"]) if "reason" in data and data["reason"]: - transactions = transactions.filter(reason__iregex=data["reason"]) + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(data["reason"]) + suffix = "__iregex" if valid_regex else "__istartswith" + transactions = transactions.filter(Q(**{f"reason{suffix}": data["reason"]})) if "valid" in data and data["valid"]: transactions = transactions.filter(valid=data["valid"]) if "amount_gte" in data and data["amount_gte"]: diff --git a/apps/permission/api/views.py b/apps/permission/api/views.py index 1dd18899..39ff353c 100644 --- a/apps/permission/api/views.py +++ b/apps/permission/api/views.py @@ -2,7 +2,6 @@ # SPDX-License-Identifier: GPL-3.0-or-later from django_filters.rest_framework import DjangoFilterBackend - from api.filters import RegexSafeSearchFilter from api.viewsets import ReadOnlyProtectedModelViewSet @@ -20,7 +19,7 @@ class PermissionViewSet(ReadOnlyProtectedModelViewSet): serializer_class = PermissionSerializer filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter] filterset_fields = ['model', 'type', 'query', 'mask', 'field', 'permanent', ] - search_fields = ['$model__name', '$query', '$description', ] + search_fields = ['$model__model', '$query', '$description', ] class RoleViewSet(ReadOnlyProtectedModelViewSet): diff --git a/apps/registration/views.py b/apps/registration/views.py index 3dd820d7..58299da2 100644 --- a/apps/registration/views.py +++ b/apps/registration/views.py @@ -16,6 +16,7 @@ from django.views import View from django.views.generic import CreateView, TemplateView, DetailView from django.views.generic.edit import FormMixin from django_tables2 import SingleTableView +from api.viewsets import is_regex from member.forms import ProfileForm from member.models import Membership, Club from note.models import SpecialTransaction, Alias @@ -192,11 +193,16 @@ class FutureUserListView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableVi if "search" in self.request.GET and self.request.GET["search"]: pattern = self.request.GET["search"] + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix_username = "__iregex" if valid_regex else "__icontains" + suffix = "__iregex" if valid_regex else "__istartswith" + prefix = "^" if valid_regex else "" qs = qs.filter( - Q(first_name__iregex=pattern) - | Q(last_name__iregex=pattern) - | Q(profile__section__iregex=pattern) - | Q(username__iregex="^" + pattern) + Q(**{f"first_name{suffix}": pattern}) + | Q(**{f"last_name{suffix}": pattern}) + | Q(**{f"profile__section{suffix}": pattern}) + | Q(**{f"username{suffix_username}": prefix + pattern}) ) return qs diff --git a/apps/treasury/api/views.py b/apps/treasury/api/views.py index 8cdb79d8..418bf220 100644 --- a/apps/treasury/api/views.py +++ b/apps/treasury/api/views.py @@ -2,7 +2,6 @@ # SPDX-License-Identifier: GPL-3.0-or-later from django_filters.rest_framework import DjangoFilterBackend - from api.filters import RegexSafeSearchFilter from api.viewsets import ReadProtectedModelViewSet diff --git a/apps/treasury/views.py b/apps/treasury/views.py index be989f99..64692793 100644 --- a/apps/treasury/views.py +++ b/apps/treasury/views.py @@ -20,6 +20,7 @@ from django.views.generic import UpdateView, DetailView from django.views.generic.base import View, TemplateView from django.views.generic.edit import BaseFormView, DeleteView from django_tables2 import SingleTableView +from api.viewsets import is_regex from note.models import SpecialTransaction, NoteSpecial, Alias from note_kfet.settings.base import BASE_DIR from permission.backends import PermissionBackend @@ -411,11 +412,16 @@ class SogeCreditListView(LoginRequiredMixin, ProtectQuerysetMixin, SingleTableVi if "search" in self.request.GET: pattern = self.request.GET["search"] if pattern: + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix_alias = "__iregex" if valid_regex else "__icontains" + suffix = "__iregex" if valid_regex else "__istartswith" + prefix = "^" if valid_regex else "" qs = qs.filter( - Q(user__first_name__iregex=pattern) - | Q(user__last_name__iregex=pattern) - | Q(user__note__alias__name__iregex="^" + pattern) - | Q(user__note__alias__normalized_name__iregex="^" + Alias.normalize(pattern)) + Q(**{f"user__first_name{suffix}": pattern}) + | Q(**{f"user__last_name{suffix}": pattern}) + | Q(**{f"user__note__alias__name{suffix_alias}": prefix + pattern}) + | Q(**{f"user__note__alias__normalized_name{suffix_alias}": prefix + Alias.normalize(pattern)}) ) if "valid" not in self.request.GET or not self.request.GET["valid"]: diff --git a/apps/wei/api/views.py b/apps/wei/api/views.py index 88189d70..13f04a91 100644 --- a/apps/wei/api/views.py +++ b/apps/wei/api/views.py @@ -3,7 +3,6 @@ from django_filters.rest_framework import DjangoFilterBackend from rest_framework.filters import OrderingFilter - from api.filters import RegexSafeSearchFilter from api.viewsets import ReadProtectedModelViewSet diff --git a/apps/wei/views.py b/apps/wei/views.py index 4771cb5b..af0ce968 100644 --- a/apps/wei/views.py +++ b/apps/wei/views.py @@ -23,6 +23,7 @@ from django.views.generic import DetailView, UpdateView, RedirectView, TemplateV from django.utils.translation import gettext_lazy as _ from django.views.generic.edit import BaseFormView, DeleteView from django_tables2 import SingleTableView +from api.viewsets import is_regex from member.models import Membership, Club from note.models import Transaction, NoteClub, Alias, SpecialTransaction, NoteSpecial from note.tables import HistoryTable @@ -219,13 +220,18 @@ class WEIMembershipsView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTableVi if not pattern: return qs.none() + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix_alias = "__iregex" if valid_regex else "__istartswith" + suffix = "__iregex" if valid_regex else "__icontains" + prefix = "^" if valid_regex else "" qs = qs.filter( - Q(user__first_name__iregex=pattern) - | Q(user__last_name__iregex=pattern) - | Q(user__note__alias__name__iregex="^" + pattern) - | Q(user__note__alias__normalized_name__iregex="^" + Alias.normalize(pattern)) - | Q(bus__name__iregex=pattern) - | Q(team__name__iregex=pattern) + Q(**{f"user__first_name{suffix}": pattern}) + | Q(**{f"user__last_name{suffix}": pattern}) + | Q(**{f"user__note__alias__name{suffix_alias}": prefix + pattern}) + | Q(**{f"user__note__alias__normalized_name{suffix_alias}": prefix + Alias.normalize(pattern)}) + | Q(**{f"bus__name{suffix}": pattern}) + | Q(**{f"team__name{suffix}": pattern}) ) return qs @@ -255,11 +261,16 @@ class WEIRegistrationsView(ProtectQuerysetMixin, LoginRequiredMixin, SingleTable pattern = self.request.GET.get("search", "") if pattern: + # Check if this is a valid regex. If not, we won't check regex + valid_regex = is_regex(pattern) + suffix_alias = "__iregex" if valid_regex else "__istartswith" + suffix = "__iregex" if valid_regex else "__icontains" + prefix = "^" if valid_regex else "" qs = qs.filter( - Q(user__first_name__iregex=pattern) - | Q(user__last_name__iregex=pattern) - | Q(user__note__alias__name__iregex="^" + pattern) - | Q(user__note__alias__normalized_name__iregex="^" + Alias.normalize(pattern)) + Q(**{f"user__first_name{suffix}": pattern}) + | Q(**{f"user__last_name{suffix}": pattern}) + | Q(**{f"user__note__alias__name{suffix_alias}": prefix + pattern}) + | Q(**{f"user__note__alias__normalized_name{suffix_alias}": prefix + Alias.normalize(pattern)}) ) return qs