Parse input of search filters to prevent errors based on invalid regex, fixes #113

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

apps/permission/api/views.py

@@ -1,9 +1,10 @@
 # Copyright (C) 2018-2024 by BDE ENS Paris-Saclay
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-from api.viewsets import ReadOnlyProtectedModelViewSet
 from django_filters.rest_framework import DjangoFilterBackend
-from rest_framework.filters import SearchFilter
+
+from api.filters import RegexSafeSearchFilter
+from api.viewsets import ReadOnlyProtectedModelViewSet
 
 from .serializers import PermissionSerializer, RoleSerializer
 from ..models import Permission, Role
@@ -17,7 +18,7 @@ class PermissionViewSet(ReadOnlyProtectedModelViewSet):
     """
     queryset = Permission.objects.order_by('id')
     serializer_class = PermissionSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['model', 'type', 'query', 'mask', 'field', 'permanent', ]
     search_fields = ['$model__name', '$query', '$description', ]
 
@@ -30,6 +31,6 @@ class RoleViewSet(ReadOnlyProtectedModelViewSet):
     """
     queryset = Role.objects.order_by('id')
     serializer_class = RoleSerializer
-    filter_backends = [DjangoFilterBackend, SearchFilter]
+    filter_backends = [DjangoFilterBackend, RegexSafeSearchFilter]
     filterset_fields = ['name', 'permissions', 'for_club', 'memberships__user', ]
     search_fields = ['$name', '$for_club__name', ]