def _apply_nested_privacy(self, data):
""" Apply privacy to nested documents.
:param data: Dict of data to which privacy is already applied.
"""
kw = {
'is_admin': self.is_admin,
'drop_hidden': self.drop_hidden,
}
for key, val in data.items():
if is_document(val):
data[key] = apply_privacy(self.request)(result=val, **kw)
elif isinstance(val, list) and val and is_document(val[0]):
data[key] = [apply_privacy(self.request)(result=doc, **kw)
for doc in val]
return data
def _apply_nested_privacy(self, data):
""" Apply privacy to nested documents.
:param data: Dict of data to which privacy is already applied.
"""
kw = {
'is_admin': self.is_admin,
'drop_hidden': self.drop_hidden,
}
for key, val in data.items():
if is_document(val):
data[key] = apply_privacy(self.request)(result=val, **kw)
elif isinstance(val, list) and val and is_document(val[0]):
data[key] = [apply_privacy(self.request)(result=doc, **kw)
for doc in val]
return data
def _check_permissions(request, document):
""" Check permissions of ES document.
:param request: Pyramid Request instance that represents current
request
:param document: Dict representing valid ES document
:return: Input document if it's not a valid document. None if user
doesn't have permissions to see the document. Document with
filtered relationships if user has permissions to see it.
"""
# Make sure `document` is a valid ES document
if not is_document(document):
return document
# Check whether document can be displayed to user
acl = engine.ACLField.objectify_acl(document.get('_acl', []))
context = SimpleContext(acl)
if request.has_permission('view', context):
return check_relations_permissions(request, document)
