def deserialize(self, node, cstruct):
"""
Deserialize should get a list of id's from the request, it should
try to fetch all the objects to ensure they exist, then return
a list of objects.
:param node: :class:`colander.SchemaNode`
:param cstruct: Unvalidated list of id's
:return: List of model objects
"""
# deserialize the list, so we don't have to validate that ourselves
raw_ids = self.list_field.deserialize(node, cstruct)
# list field.deserialize did not return a valid list
if raw_ids == colander.null:
return colander.null
# list of id's should never contains a null item
if None in raw_ids:
raise colander.Invalid(node, "list of id's should not contain a null value")
# loop and fetch each object, maybe we can do this in one query?
ids = [self.field.deserialize(node, obj_id) for obj_id in raw_ids]
# sqlalchemy generates a warning when using in_ with an empty lists
if len(ids) > 0:
# this will fetch all the objects in the m2m using a single query
obj_list = list(DBSession.query(self.model).filter(self.model.id.in_(ids)))
# not all the records in the m2m list exist
actual_ids = {obj.id for obj in obj_list}
missing = list(set(ids) - actual_ids)
if missing:
raise colander.Invalid(node, "{} objects with id {} do not exist".format(self.model.__name__, missing))
return obj_list
else:
return []
def deserialize(self, node, cstruct):
"""
Deserialize takes input data from the request, validates it, and
returns the deserialized value for this field, which in this case
is the fetched model instance of the foreign key field.
:param node: :class:`colander.SchemaNode`
:param cstruct: Unvalidated object id
:return: Model instance
"""
value = self.field.deserialize(node, cstruct)
# FIXME: we should possibly check if the self.pk is actually nullable
# otherwise we might want to raise an Invalid exception here
if value is colander.null:
return None
fk_obj = DBSession.query(self.model).get(value)
# record was not found in db
if fk_obj is None:
raise colander.Invalid(node, '{} with id {} does not exist'.format(self.model.__name__, cstruct))
return fk_obj
def list_by_group(self):
"""
Returns a list of tuples (Permission, Group), only returns rows where
permissions are used by a group.
"""
return DBSession.query(Permission, Group).join(Group.permissions)
def get_permissions(self):
"""
Returns a list of Permissions for this user based on their Groups.
"""
group_ids = [group.id for group in self.groups]
return DBSession.query(Permission).join(Group.permissions).filter(Group.id.in_(group_ids))
