def _virtualChildItems(self, event):
params = event.info['params']
if 'folderId' not in params:
return # This is not a child listing request
user = self.getCurrentUser()
folder = Folder().load(params['folderId'],
user=user,
level=AccessType.READ)
if not folder.get('isVirtual') or 'virtualItemsQuery' not in folder:
return # Parent is not a virtual folder, proceed as normal
limit, offset, sort = self.getPagingParameters(params,
defaultSortField='name')
q = json_util.loads(folder['virtualItemsQuery'])
if 'virtualItemsSort' in folder:
sort = json.loads(folder['virtualItemsSort'])
item = Item()
# These items may reside in folders that the user cannot read, so we must filter
items = item.filterResultsByPermission(item.find(q, sort=sort),
user,
level=AccessType.READ,
limit=limit,
offset=offset)
event.preventDefault().addResponse([item.filter(i, user) for i in items])
def findItemsByMetadata(self, key, value, limit, offset, sort):
# Construct a mongo query from the parameters given. Developers should
# be careful when constructing these queries to ensure that private
# information is not leaked. In this example, the user could pass an
# arbitrary dictionary which could involve an aggregation pipeline, so
# we check that only simple types are accepted.
if isinstance(value, (list, dict)):
# This is a special type of exception that tells girder to respond
# with an HTTP response with the given code and message.
raise RestException('The value must not be a dictionary or list.', code=400)
query = {
'meta': {
key: value
}
}
# This gets the logged in user who created the request. If it is an
# anonymous request, this value will be `None`.
user = self.getCurrentUser()
# Here, item is a "model" class which is a single instance providing an
# api that wraps traditional mongo queries. This API is described at:
# http://girder.readthedocs.io/en/latest/api-docs.html?#models
item = Item()
# This runs a "find" operation on the item collection returning a mongo
# cursor.
cursor = item.find(query, sort=sort)
# The `filterResultsByPermission` allows paged access to a mongo query
# while filtering out documents that the current user doesn't have
# access to. In this case, it requires the current user have read
# access to the items. The return value is an iterator that begins at
# `offset` and ends at `offset + limit`.
response = item.filterResultsByPermission(
cursor,
user=user, level=AccessType.READ,
limit=limit, offset=offset
)
# Finally, we turn the iterator into an explicit list for return to the
# user. Girder handles json encoding the response.
return list(response)
def _virtualChildItems(self, event):
params = event.info['params']
if 'folderId' not in params:
return # This is not a child listing request
user = self.getCurrentUser()
folder = Folder().load(params['folderId'], user=user, level=AccessType.READ)
if not folder.get('isVirtual') or 'virtualItemsQuery' not in folder:
return # Parent is not a virtual folder, proceed as normal
limit, offset, sort = self.getPagingParameters(params, defaultSortField='name')
q = json_util.loads(folder['virtualItemsQuery'])
if 'virtualItemsSort' in folder:
sort = json.loads(folder['virtualItemsSort'])
item = Item()
# These items may reside in folders that the user cannot read, so we must filter
items = item.filterResultsByPermission(
item.find(q, sort=sort), user, level=AccessType.READ, limit=limit, offset=offset)
event.preventDefault().addResponse([item.filter(i, user) for i in items])
