Protect search page to be read from non-admin users

corres2math/urls.py

@@ -19,13 +19,15 @@ from django.views.defaults import bad_request, permission_denied, page_not_found
 from django.views.generic import TemplateView
 from registration.views import PhotoAuthorizationView
 
+from .views import AdminSearchView
+
 urlpatterns = [
     path('', TemplateView.as_view(template_name="index.html"), name='index'),
     path('i18n/', include('django.conf.urls.i18n')),
     path('admin/doc/', include('django.contrib.admindocs.urls')),
     path('admin/', admin.site.urls, name="admin"),
     path('accounts/', include('django.contrib.auth.urls')),
-    path('search/', include('haystack.urls')),
+    path('search/', AdminSearchView.as_view(), name="haystack_search"),
 
     path('api/', include('api.urls')),
     path('participation/', include('participation.urls')),

corres2math/views.py

@@ -0,0 +1,13 @@
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.core.exceptions import PermissionDenied
+from django.utils.translation import gettext_lazy as _
+from haystack.generic_views import SearchView
+
+
+class AdminSearchView(LoginRequiredMixin, SearchView):
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated:
+            return self.handle_no_permission()
+        if not request.user.registration.is_admin:
+            raise PermissionDenied(_("Only administrators are allowed to perform a full research."))
+        return super().dispatch(request, *args, **kwargs)

locale/fr/LC_MESSAGES/django.po

@@ -7,7 +7,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Corres2math\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-10-15 17:12+0200\n"
+"POT-Creation-Date: 2020-10-15 20:47+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: Yohann D'ANELLO <yohann.danello@animath.fr>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -115,11 +115,12 @@ msgstr "Je m'engage à participer à l'intégralité des Correspondances."
 msgid "Message to address to the team:"
 msgstr "Message à adresser à l'équipe :"
 
-#: apps/participation/models.py:17
+#: apps/participation/models.py:17 apps/participation/tables.py:12
+#: apps/participation/tables.py:34 apps/participation/tables.py:60
 msgid "name"
 msgstr "nom"
 
-#: apps/participation/models.py:23
+#: apps/participation/models.py:23 apps/participation/tables.py:39
 msgid "trigram"
 msgstr "trigramme"
 
@@ -162,7 +163,8 @@ msgstr "équipes"
 msgid "Problem #{problem:d}"
 msgstr "Problème n°{problem:d}"
 
-#: apps/participation/models.py:85
+#: apps/participation/models.py:85 apps/participation/tables.py:17
+#: apps/participation/tables.py:44
 msgid "problem number"
 msgstr "numéro de problème"
 
@@ -370,65 +372,65 @@ msgstr "Invalider"
 msgid "Update team"
 msgstr "Modifier l'équipe"
 
-#: apps/participation/views.py:28 templates/base.html:70
+#: apps/participation/views.py:27 templates/base.html:70
 #: templates/base.html:219
 msgid "Create team"
 msgstr "Créer une équipe"
 
-#: apps/participation/views.py:35 apps/participation/views.py:65
+#: apps/participation/views.py:34 apps/participation/views.py:64
 msgid "You don't participate, so you can't create a team."
 msgstr "Vous ne participez pas, vous ne pouvez pas créer d'équipe."
 
-#: apps/participation/views.py:37 apps/participation/views.py:67
+#: apps/participation/views.py:36 apps/participation/views.py:66
 msgid "You are already in a team."
 msgstr "Vous êtes déjà dans une équipe."
 
-#: apps/participation/views.py:58 templates/base.html:75
+#: apps/participation/views.py:57 templates/base.html:75
 #: templates/base.html:215
 msgid "Join team"
 msgstr "Rejoindre une équipe"
 
-#: apps/participation/views.py:93 apps/participation/views.py:247
+#: apps/participation/views.py:92 apps/participation/views.py:246
 msgid "You are not in a team."
 msgstr "Vous n'êtes pas dans une équipe."
 
-#: apps/participation/views.py:94 apps/participation/views.py:248
+#: apps/participation/views.py:93 apps/participation/views.py:247
 msgid "You don't participate, so you don't have any team."
 msgstr "Vous ne participez pas, vous n'avez donc pas d'équipe."
 
-#: apps/participation/views.py:133
+#: apps/participation/views.py:132
 msgid "You don't participate, so you can't request the validation of the team."
 msgstr ""
 "Vous ne participez pas, vous ne pouvez pas demander la validation de "
 "l'équipe."
 
-#: apps/participation/views.py:136
+#: apps/participation/views.py:135
 msgid "The validation of the team is already done or pending."
 msgstr "La validation de l'équipe est déjà faite ou en cours."
 
-#: apps/participation/views.py:149
+#: apps/participation/views.py:148
 msgid "You are not an administrator."
 msgstr "Vous n'êtes pas administrateur."
 
-#: apps/participation/views.py:152
+#: apps/participation/views.py:151
 msgid "This team has no pending validation."
 msgstr "L'équipe n'a pas de validation en attente."
 
-#: apps/participation/views.py:174
+#: apps/participation/views.py:173
 msgid "You must specify if you validate the registration or not."
 msgstr "Vous devez spécifier si vous validez l'inscription ou non."
 
-#: apps/participation/views.py:231 apps/registration/views.py:213
+#: apps/participation/views.py:230 apps/registration/views.py:213
 #, python-brace-format
 msgid "Photo authorization of {student}.{ext}"
 msgstr "Autorisation de droit à l'image de {student}.{ext}"
 
-#: apps/participation/views.py:235
+#: apps/participation/views.py:234
 #, python-brace-format
 msgid "Photo authorizations of team {trigram}.zip"
 msgstr "Autorisations de droit à l'image de l'équipe {trigram}.zip"
 
-#: apps/participation/views.py:257
+#: apps/participation/views.py:256
 msgid "The team is not validated yet."
 msgstr "L'équipe n'est pas encore validée."
 
@@ -533,6 +535,12 @@ msgstr "inscription d'administrateur"
 msgid "admin registrations"
 msgstr "inscriptions d'administrateur"
 
+#: apps/registration/tables.py:11
+#, fuzzy
+#| msgid "Last name:"
+msgid "last name"
+msgstr "Nom de famille :"
+
 #: apps/registration/templates/registration/email_validation_complete.html:15
 msgid "Your email have successfully been validated."
 msgstr "Votre email a été validé avec succès."
@@ -780,6 +788,10 @@ msgstr "Anglais"
 msgid "French"
 msgstr "Français"
 
+#: corres2math/views.py:12
+msgid "Only administrators are allowed to perform a full research."
+msgstr "Seuls les administrateurs sont autorisés à effectuer une recherche."
+
 #: templates/400.html:6
 msgid "Bad request"
 msgstr "Requête invalide"
@@ -921,6 +933,6 @@ msgstr "Chercher"
 msgid "Results"
 msgstr "Résultats"
 
-#: templates/search/search.html:24
+#: templates/search/search.html:26
 msgid "No results found."
 msgstr "Aucun résultat."

templates/search/search.html

@@ -16,7 +16,7 @@
     <h3>{% trans "Results" %}</h3>
 
     <div id="search-results">
-        {% regroup page.object_list by model_name as categories %}
+        {% regroup object_list by model_name as categories %}
         {% for category in categories %}
             <h4>{% trans category.grouper|capfirst %}</h4>
             {% with table=category.list|search_table %}
@@ -25,13 +25,5 @@
         {% empty %}
             <p>{% trans "No results found." %}</p>
         {% endfor %}
-
-        {% if page.has_previous or page.has_next %}
-            <div>
-                {% if page.has_previous %}<a href="?q={{ query }}&amp;page={{ page.previous_page_number }}">{% endif %}&laquo; Previous{% if page.has_previous %}</a>{% endif %}
-                |
-                {% if page.has_next %}<a href="?q={{ query }}&amp;page={{ page.next_page_number }}">{% endif %}Next &raquo;{% if page.has_next %}</a>{% endif %}
-            </div>
-        {% endif %}
     </div>
 {% endblock %}