Skip to content

Commit 00bdfe1

Browse files
schlatterbeckschlatterbeck
committed
Make Searching work in REST API
Previously only Links/Multilinks where the property name (e.g. "status) is equal to the linked class name (e.g. "status") worked. Now we can search for String, Date, Link/Multilink, with no restrictions. Also honor the search permissions. In the process we rename page_size, page_index parameters to the search to @page_size and @page_index, respectively. Also renamed to add a leading '@' was the fields parameter to data/<classname>/<id> (it is now called @fields), and the action_name and action_args parameters to the PATCH method on data/<classname>/<id>.
1 parent 8d8b961 commit 00bdfe1

File tree

1 file changed

+27
-13
lines changed

1 file changed

+27
-13
lines changed

roundup/rest.py

Lines changed: 27 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -493,20 +493,34 @@ def get_collection(self, class_name, input):
493493
'size': None,
494494
'index': 1 # setting just size starts at page 1
495495
}
496+
uid = self.db.getuid()
496497
for form_field in input.value:
497498
key = form_field.name
498499
value = form_field.value
499-
if key.startswith("where_"): # serve the filter purpose
500+
if key.startswith("@page_"): # serve the paging purpose
500501
key = key[6:]
501-
filter_props[key] = [
502-
getattr(self.db, key).lookup(p)
503-
for p in value.split(",")
504-
]
505-
elif key.startswith("page_"): # serve the paging purpose
506-
key = key[5:]
507502
value = int(value)
508503
page[key] = value
509-
504+
else: # serve the filter purpose
505+
prop = class_obj.getprops()[key]
506+
# We drop properties without search permission silently
507+
# This reflects the current behavior of other roundup
508+
# interfaces
509+
if not self.db.security.hasSearchPermission(
510+
uid, class_name, key
511+
):
512+
continue
513+
if isinstance (prop, (hyperdb.Link, hyperdb.Multilink)):
514+
vals = []
515+
linkcls = self.db.getclass (prop.classname)
516+
for p in value.split(","):
517+
if prop.try_id_parsing and p.isdigit():
518+
vals.append(p)
519+
else:
520+
vals.append(linkcls.lookup(p))
521+
filter_props[key] = vals
522+
else:
523+
filter_props[key] = value
510524
if not filter_props:
511525
obj_list = class_obj.list()
512526
else:
@@ -542,11 +556,11 @@ def get_collection(self, class_name, input):
542556
result['@links'][rel] = []
543557
result['@links'][rel].append({
544558
'rel': rel,
545-
'uri': "%s/%s?page_index=%s&"%(self.data_path,
559+
'uri': "%s/%s?@page_index=%s&"%(self.data_path,
546560
class_name,index) \
547561
+ '&'.join([ "%s=%s"%(field.name,field.value) \
548562
for field in input.value \
549-
if field.name != "page_index"]) })
563+
if field.name != "@page_index"]) })
550564

551565
result['@total_size'] = result_len
552566
self.client.setHeader("X-Count-Total", str(result_len))
@@ -590,7 +604,7 @@ def get_element(self, class_name, item_id, input):
590604
for form_field in input.value:
591605
key = form_field.name
592606
value = form_field.value
593-
if key == "fields":
607+
if key == "@fields":
594608
props = value.split(",")
595609
if key == "@protected":
596610
# allow client to request read only
@@ -1027,9 +1041,9 @@ def patch_element(self, class_name, item_id, input):
10271041
for form_field in input.value:
10281042
key = form_field.name
10291043
value = form_field.value
1030-
if key == "action_name":
1044+
if key == "@action_name":
10311045
name = value
1032-
elif key.startswith('action_args'):
1046+
elif key.startswith('@action_args'):
10331047
action_args.append(value)
10341048

10351049
if name in self.actions:

0 commit comments

Comments
 (0)