def get_collection(self, filter_by_contexts=True):
if hasattr(self.model, 'eager_query'):
query = self.model.eager_query()
else:
query = db.session.query(self.model)
joinlist = []
if request.args:
querybuilder = AttributeQueryBuilder(self.model)
filter, joinlist = querybuilder.collection_filters(request.args)
if filter is not None:
for j in joinlist:
query = query.join(j)
query = query.filter(filter)
if filter_by_contexts:
contexts = permissions.read_contexts_for(self.model.__name__)
if contexts is not None:
query = query.filter(or_(
self.model.context_id.in_(contexts),
self.model.context_id == None))
for j in joinlist:
j_class = j.property.mapper.class_
j_contexts = permissions.read_contexts_for(j_class.__name__)
if j_contexts is not None:
query = query.filter(or_(
j_class.context_id.in_(j_contexts),
j_class.context_id == None))
return query.order_by(self.modified_attr.desc())
def get_collection(self, filter_by_contexts=True):
if hasattr(self.model, 'eager_query'):
query = self.model.eager_query()
else:
query = db.session.query(self.model)
joinlist = []
if request.args:
querybuilder = AttributeQueryBuilder(self.model)
filter, joinlist = querybuilder.collection_filters(request.args)
if filter is not None:
for j in joinlist:
query = query.join(j)
query = query.filter(filter)
if filter_by_contexts:
contexts = permissions.read_contexts_for(self.model.__name__)
if contexts is not None:
query = query.filter(
or_(self.model.context_id.in_(contexts),
self.model.context_id == None))
for j in joinlist:
j_class = j.property.mapper.class_
j_contexts = permissions.read_contexts_for(j_class.__name__)
if j_contexts is not None:
query = query.filter(
or_(j_class.context_id.in_(j_contexts),
j_class.context_id == None))
return query.order_by(self.modified_attr.desc())
def _get_type_query(self,
model_names,
permission_type='read',
permission_model=None):
type_queries = []
for model_name in model_names:
type_query = None
if permission_type == 'read':
contexts = permissions.read_contexts_for(permission_model
or model_name)
resources = permissions.read_resources_for(permission_model
or model_name)
elif permission_type == 'create':
contexts = permissions.create_contexts_for(permission_model
or model_name)
resources = permissions.create_resources_for(permission_model
or model_name)
elif permission_type == 'update':
contexts = permissions.update_contexts_for(permission_model
or model_name)
resources = permissions.update_resources_for(permission_model
or model_name)
elif permission_type == 'delete':
contexts = permissions.delete_contexts_for(permission_model
or model_name)
resources = permissions.delete_resources_for(permission_model
or model_name)
if permission_model and contexts:
contexts = set(contexts) & set(
permissions.read_contexts_for(model_name))
if contexts is not None:
# Don't filter out None contexts here
if None not in contexts and permission_type == "read":
contexts.append(None)
if resources:
resource_sql = and_(MysqlRecordProperty.type == model_name,
MysqlRecordProperty.key.in_(resources))
else:
resource_sql = false()
type_query = or_(
and_(
MysqlRecordProperty.type == model_name,
context_query_filter(MysqlRecordProperty.context_id,
contexts)), resource_sql)
type_queries.append(type_query)
return and_(MysqlRecordProperty.type.in_(model_names),
or_(*type_queries))
def get_collection(self, filter_by_contexts=True):
if "__stubs_only" not in request.args and hasattr(self.model, "eager_query"):
query = self.model.eager_query()
else:
query = db.session.query(self.model)
joinlist = []
if request.args:
querybuilder = AttributeQueryBuilder(self.model)
filter, joinlist, options = querybuilder.collection_filters(request.args)
if filter is not None:
for j in joinlist:
query = query.join(j)
query = query.filter(filter)
if options:
query = query.options(*options)
if filter_by_contexts:
contexts = permissions.read_contexts_for(self.model.__name__)
filter_expr = None
if contexts is not None and None in contexts:
filter_expr = self.model.context_id == None
contexts.remove(None)
if contexts is not None and len(contexts) > 0:
filter_in_expr = self.model.context_id.in_(contexts)
if filter_expr is not None:
filter_expr = or_(filter_expr, filter_in_expr)
else:
filter_expr = filter_in_expr
elif contexts is not None and not filter_expr:
# No context should match.
filter_expr = self.model.context_id == -1
if filter_expr is not None:
query = query.filter(filter_expr)
for j in joinlist:
j_class = j.property.mapper.class_
j_contexts = permissions.read_contexts_for(j_class.__name__)
if j_contexts is not None:
query = query.filter(or_(j_class.context_id.in_(j_contexts), j_class.context_id == None))
query = query.order_by(self.modified_attr.desc())
if "__limit" in request.args:
try:
limit = int(request.args["__limit"])
query = query.limit(limit)
except (TypeError, ValueError):
pass
return query
def _get_type_query(
self, types=None, permission_type='read', permission_model=None):
model_names = [model.__name__ for model in all_models]
if types is not None:
model_names = [m for m in model_names if m in types]
type_queries = []
for model_name in model_names:
type_query = None
if permission_type == 'read':
type_permissions = permissions.read_contexts_for(
permission_model or model_name)
elif permission_type == 'create':
type_permissions = permissions.create_contexts_for(
permission_model or model_name)
elif permission_type == 'update':
type_permissions = permissions.update_contexts_for(
permission_model or model_name)
elif permission_type == 'delete':
type_permissions = permissions.delete_contexts_for(
permission_model or model_name)
if permission_model and type_permissions:
type_permissions = set(type_permissions) & set(
permissions.read_contexts_for(model_name))
if type_permissions is None:
type_query = (MysqlRecordProperty.type == model_name)
elif type_permissions:
type_query = and_(
MysqlRecordProperty.type == model_name,
MysqlRecordProperty.context_id.in_(type_permissions))
else:
type_query = False
type_queries.append(type_query)
return and_(
MysqlRecordProperty.type.in_(model_names),
or_(
MysqlRecordProperty.context_id == None,
*type_queries))
def get_context_resource(model_name,
permission_type='read',
permission_model=None):
"""Get allowed contexts and resources."""
permissions_map = {
"create": (pr.create_contexts_for, pr.create_resources_for),
"read": (pr.read_contexts_for, pr.read_resources_for),
"update": (pr.update_contexts_for, pr.update_resources_for),
"delete": (pr.delete_contexts_for, pr.delete_resources_for),
}
contexts = permissions_map[permission_type][0](permission_model
or model_name)
resources = permissions_map[permission_type][1](permission_model
or model_name)
if permission_model and contexts:
contexts = set(contexts) & set(pr.read_contexts_for(model_name))
return contexts, resources
def get_context_resource(model_name, permission_type='read',
permission_model=None):
"""Get allowed contexts and resources."""
permissions_map = {
"create": (pr.create_contexts_for, pr.create_resources_for),
"read": (pr.read_contexts_for, pr.read_resources_for),
"update": (pr.update_contexts_for, pr.update_resources_for),
"delete": (pr.delete_contexts_for, pr.delete_resources_for),
}
contexts = permissions_map[permission_type][0](
permission_model or model_name)
resources = permissions_map[permission_type][1](
permission_model or model_name)
if permission_model and contexts:
contexts = set(contexts) & set(
pr.read_contexts_for(model_name))
return contexts, resources
def search(self, terms):
type_clauses = []
for model in all_models:
clause = 'type = "{0}"'.format(model.__name__)
type_permissions = permissions.read_contexts_for(model.__name__)
if type_permissions is None:
# can read in all contexts
type_clauses.append('({0})'.format(clause))
elif type_permissions:
# can read in limited contexts
clause = '{0} and context_id in ({1})'.format(
clause,
','.join(['{0}'.format(id) for id in type_permissions]))
type_clauses.append('({0})'.format(clause))
else:
# else, can't read in any context, don't add a clause for it
pass
type_clauses_str = ' or '.join(type_clauses)
if len(type_clauses) > 1:
type_clauses_str = '({0})'.format(type_clauses_str)
query = db.session.query(self.record_type).filter(
'(match (content) against (:terms)) and {0}'.format(type_clauses_str))\
.params(terms=terms).all()
return query
def search(self, terms):
type_clauses =[]
for model in all_models:
clause = 'type = "{0}"'.format(model.__name__)
type_permissions = permissions.read_contexts_for(model.__name__)
if type_permissions is None:
# can read in all contexts
type_clauses.append('({0})'.format(clause))
elif type_permissions:
# can read in limited contexts
clause = '{0} and context_id in ({1})'.format(
clause,
','.join(['{0}'.format(id) for id in type_permissions]))
type_clauses.append('({0})'.format(clause))
else:
# else, can't read in any context, don't add a clause for it
pass
type_clauses_str = ' or '.join(type_clauses)
if len(type_clauses) > 1:
type_clauses_str = '({0})'.format(type_clauses_str)
query = db.session.query(self.record_type).filter(
'(match (content) against (:terms)) and {0}'.format(type_clauses_str))\
.params(terms=terms).all()
return query
