MIME-Version: 1.0
References: <641bd039-a2e3-db73-dcc1-1b3d2707bfa9@cmatte.me>
In-Reply-To: <641bd039-a2e3-db73-dcc1-1b3d2707bfa9@cmatte.me>
From: Magnus Hagander <magnus@hagander.net>
Date: Thu, 4 Nov 2021 11:25:57 +0100
Message-ID: 
 <CABUevEz4mvffKcrCuwH7=+JL6Z5HdvpQWOy+zA3NCNM+6653dA@mail.gmail.com>
Subject: Re: Issue report: search function not working for private lists
To: =?UTF-8?Q?C=C3=A9lestin_Matte?= <celestin.matte@cmatte.me>
Cc: pgsql-www@lists.postgresql.org
Content-Type: multipart/alternative; boundary="00000000000079874a05cff3f411"
Archived-At: 
 <https://www.postgresql.org/message-id/CABUevEz4mvffKcrCuwH7%3D%2BJL6Z5HdvpQWOy%2BzA3NCNM%2B6653dA%40mail.gmail.com>
Precedence: bulk

--00000000000079874a05cff3f411
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 4, 2021 at 10:42 AM C=C3=A9lestin Matte <celestin.matte@cmatte.=
me>
wrote:

> There are several issues that prevent the correct installation of search
> functions for private lists:
> - it is only possible to define a single archive search server in pgweb's
> settings.py, which makes it impossible to define both a public and a
> private archives server,
> - there does not seem to be any kind of permissions verifications in
> pgweb/search/views.py that would allow only users subscribed to a list to
> search into it.
>
> I've been told that this functionality did not indeed work for
> postresql.org's private lists.
>

Yes, this is a known limitation. This is "documented" in a code comment:

def search(request):
    if not settings.PUBLIC_ARCHIVES:
        # We don't support searching of non-public archives at all at this
point.
        # XXX: room for future improvement
        return HttpResponseForbidden('Not public archives')


--=20
 Magnus Hagander
 Me: https://www.hagander.net/ <http://www.hagander.net/>
 Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>

--00000000000079874a05cff3f411
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Thu, Nov 4, 2021 at 10:42 AM C=C3=
=A9lestin Matte &lt;<a href=3D"mailto:celestin.matte@cmatte.me">celestin.ma=
tte@cmatte.me</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" sty=
le=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);paddi=
ng-left:1ex">There are several issues that prevent the correct installation=
 of search functions for private lists:<br>
- it is only possible to define a single archive search server in pgweb&#39=
;s settings.py, which makes it impossible to define both a public and a pri=
vate archives server,<br>
- there does not seem to be any kind of permissions verifications in pgweb/=
search/views.py that would allow only users subscribed to a list to search =
into it.<br>
<br>
I&#39;ve been told that this functionality did not indeed work for <a href=
=3D"http://postresql.org" rel=3D"noreferrer" target=3D"_blank">postresql.or=
g</a>&#39;s private lists.<br></blockquote><div><br></div><div>Yes, this is=
 a known limitation. This is &quot;documented&quot; in a code comment:</div=
><div><br></div>def search(request):<br>=C2=A0 =C2=A0 if not settings.PUBLI=
C_ARCHIVES:<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 # We don&#39;t support searching=
 of non-public archives at all at this point.<br>=C2=A0 =C2=A0 =C2=A0 =C2=
=A0 # XXX: room for future improvement<br>=C2=A0 =C2=A0 =C2=A0 =C2=A0 retur=
n HttpResponseForbidden(&#39;Not public archives&#39;)<br><div>=C2=A0</div>=
</div><div><br></div>-- <br><div dir=3D"ltr" class=3D"gmail_signature"><div=
 dir=3D"ltr"><div>=C2=A0Magnus Hagander<br>=C2=A0Me: <a href=3D"http://www.=
hagander.net/" target=3D"_blank">https://www.hagander.net/</a><br>=C2=A0Wor=
k: <a href=3D"http://www.redpill-linpro.com/" target=3D"_blank">https://www=
.redpill-linpro.com/</a></div></div></div></div>

--00000000000079874a05cff3f411--