def _virtualChildItems(self, event): params = event.info['params'] if 'folderId' not in params: return # This is not a child listing request user = self.getCurrentUser() folder = Folder().load(params['folderId'], user=user, level=AccessType.READ) if not folder.get('isVirtual') or 'virtualItemsQuery' not in folder: return # Parent is not a virtual folder, proceed as normal limit, offset, sort = self.getPagingParameters(params, defaultSortField='name') q = json_util.loads(folder['virtualItemsQuery']) if 'virtualItemsSort' in folder: sort = json.loads(folder['virtualItemsSort']) item = Item() # These items may reside in folders that the user cannot read, so we must filter items = item.filterResultsByPermission(item.find(q, sort=sort), user, level=AccessType.READ, limit=limit, offset=offset) event.preventDefault().addResponse([item.filter(i, user) for i in items])
def findItemsByMetadata(self, key, value, limit, offset, sort): # Construct a mongo query from the parameters given. Developers should # be careful when constructing these queries to ensure that private # information is not leaked. In this example, the user could pass an # arbitrary dictionary which could involve an aggregation pipeline, so # we check that only simple types are accepted. if isinstance(value, (list, dict)): # This is a special type of exception that tells girder to respond # with an HTTP response with the given code and message. raise RestException('The value must not be a dictionary or list.', code=400) query = { 'meta': { key: value } } # This gets the logged in user who created the request. If it is an # anonymous request, this value will be `None`. user = self.getCurrentUser() # Here, item is a "model" class which is a single instance providing an # api that wraps traditional mongo queries. This API is described at: # http://girder.readthedocs.io/en/latest/api-docs.html?#models item = Item() # This runs a "find" operation on the item collection returning a mongo # cursor. cursor = item.find(query, sort=sort) # The `filterResultsByPermission` allows paged access to a mongo query # while filtering out documents that the current user doesn't have # access to. In this case, it requires the current user have read # access to the items. The return value is an iterator that begins at # `offset` and ends at `offset + limit`. response = item.filterResultsByPermission( cursor, user=user, level=AccessType.READ, limit=limit, offset=offset ) # Finally, we turn the iterator into an explicit list for return to the # user. Girder handles json encoding the response. return list(response)
def _virtualChildItems(self, event): params = event.info['params'] if 'folderId' not in params: return # This is not a child listing request user = self.getCurrentUser() folder = Folder().load(params['folderId'], user=user, level=AccessType.READ) if not folder.get('isVirtual') or 'virtualItemsQuery' not in folder: return # Parent is not a virtual folder, proceed as normal limit, offset, sort = self.getPagingParameters(params, defaultSortField='name') q = json_util.loads(folder['virtualItemsQuery']) if 'virtualItemsSort' in folder: sort = json.loads(folder['virtualItemsSort']) item = Item() # These items may reside in folders that the user cannot read, so we must filter items = item.filterResultsByPermission( item.find(q, sort=sort), user, level=AccessType.READ, limit=limit, offset=offset) event.preventDefault().addResponse([item.filter(i, user) for i in items])