Beispiel #1
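def get_entity(id, action):
    """Load an entity and enforce the caller's access to it for ``action``.

    Args:
        id: Identifier handed to ``fetch_entity``.
        action: Access level being requested; compared against
            ``request.authz.WRITE`` and passed to ``request.authz.can``.

    Returns:
        The ``(entity, obj)`` pair produced by ``fetch_entity``.

    Raises:
        ImATeapot: On a write request against an entity whose ``$bulk``
            field is truthy, once the caller has passed the access check.
    """
    entity, obj = fetch_entity(id)
    # Presumably aborts with a 404 when nothing was found; confirm in
    # obj_or_404. Its return value is not used here.
    obj_or_404(entity)
    # Authorise first: the permission check now runs before any entity
    # attribute influences the response, so a caller without access to the
    # collection gets the ordinary authorisation failure instead of a reply
    # that discloses the entity's $bulk flag.
    # NOTE(review): assumes require() raises when given a falsy value.
    require(request.authz.can(entity.get('collection_id'), action))
    # Entities flagged $bulk stay read-only even for authorised writers.
    if action == request.authz.WRITE and entity.get('$bulk'):
        raise ImATeapot("Cannot write this entity.")
    return entity, obj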
Beispiel #2
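def get_entity(id, action):
    """Load an entity and enforce the caller's access to it for ``action``.

    Two paths are distinguished by whether ``fetch_entity`` returned a
    backing ``obj``:

    * ``obj is None`` (dataset-sourced entity): access is decided by the
      entity's ``roles`` field, and write requests are always refused.
    * otherwise: access is decided by whether ``obj.collection_id`` is among
      the collections the caller holds for ``action``.

    Args:
        id: Identifier handed to ``fetch_entity``.
        action: Access level being requested; compared against
            ``request.authz.WRITE`` and used as the lookup key into
            ``request.authz.collections``.

    Returns:
        The ``(entity, obj)`` pair; ``entity`` is the value returned by
        ``obj_or_404`` on the dataset-sourced path.

    Raises:
        ImATeapot: On a write request against a dataset-sourced entity that
            passed the roles check.
    """
    entity, obj = fetch_entity(id)
    if obj is None:
        # Presumably aborts with a 404 when nothing was found; confirm in
        # obj_or_404.
        entity = obj_or_404(entity)
        # Apply roles-based security to dataset-sourced entities. This runs
        # before the write refusal, so unauthorised callers see only the
        # authorisation failure.
        request.authz.require(request.authz.check_roles(entity.get('roles')))
        # Cannot edit them:
        if action == request.authz.WRITE:
            raise ImATeapot("Cannot write this entity.")
    else:
        # An action with no entry yields None from .get(); fall back to an
        # empty tuple so the membership test below denies access through the
        # normal require() path instead of failing with a TypeError.
        collections = request.authz.collections.get(action) or ()
        request.authz.require(obj.collection_id in collections)
    return entity, obj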