def ensure_constrained(query):
from app import auth
if not query._user_bound or not auth.apply_security:
return query
mzero = query._mapper_zero()
if mzero is not None:
user_security = auth.get_current_user_security()
if user_security.is_restricted():
# use reflection to get current model
cls = mzero.class_
# if model includes mine_guid, apply filter on mine_guid.
if hasattr(cls, 'mine_guid') and query._user_bound:
query = query.enable_assertions(False).filter(
cls.mine_guid.in_(user_security.mine_ids))
return query
def put(self):
user_security = auth.get_current_user_security()
return user_security.is_restricted()
