class UuidOnly(UuidMixin, BaseMixin, db.Model):
__tablename__ = 'uuid_only'
__uuid_primary_key__ = True
is_regular = db.Column(db.Unicode(250))
is_immutable = immutable(db.deferred(db.Column(db.Unicode(250))))
is_cached = cached(db.Column(db.Unicode(250)))
# Make both raw column and relationship immutable
referral_target_id = immutable(
db.Column(None, db.ForeignKey('referral_target.id'), nullable=True))
referral_target = immutable(db.relationship(ReferralTarget))
class RoleModel(DeclaredAttrMixin, RoleMixin, db.Model):
__tablename__ = 'role_model'
# Approach one, declare roles in advance.
# 'all' is a special role that is always granted from the base class
__roles__ = {'all': {'read': {'id', 'name', 'title'}}}
__datasets__ = {
'minimal': {'id', 'name'},
'extra': {'id', 'name', 'mixed_in1'}
}
# Additional dataset members are defined using with_roles
# Approach two, annotate roles on the attributes.
# These annotations always add to anything specified in __roles__
id = db.Column(db.Integer, primary_key=True) # NOQA: A003
name = with_roles(db.Column(db.Unicode(250)),
rw={'owner'}) # Specify read+write access
title = with_roles(
db.Column(db.Unicode(250)),
write={'owner', 'editor'},
datasets={'minimal', 'extra', 'third'}, # 'third' is unique here
) # Grant 'owner' and 'editor' write but not read access
defval = with_roles(db.deferred(db.Column(db.Unicode(250))), rw={'owner'})
@with_roles(call={'all'}
) # 'call' grants call access to the decorated method
def hello(self):
return "Hello!"
# RoleMixin provides a `roles_for` that automatically grants roles from
# `granted_by` declarations. See the RoleGrant models below for examples.
# This is optional however, and your model can take independent responsibility
# for granting roles given an actor and anchors (an iterable). The format for
# anchors is not specified by RoleMixin.
def roles_for(self, actor=None, anchors=()):
# Calling super gives us a set with the standard roles
roles = super(RoleModel, self).roles_for(actor, anchors)
if 'owner-secret' in anchors:
roles.add('owner') # Grant owner role
return roles
class RoleModel(DeclaredAttrMixin, RoleMixin, db.Model):
__tablename__ = 'role_model'
# Approach one, declare roles in advance.
# 'all' is a special role that is always granted from the base class
__roles__ = {
'all': {
'read': {'id', 'name', 'title'}
}
}
# Approach two, annotate roles on the attributes.
# These annotations always add to anything specified in __roles__
id = db.Column(db.Integer, primary_key=True)
name = with_roles(db.Column(db.Unicode(250)),
rw={'owner'}) # Specify read+write access
title = with_roles(db.Column(db.Unicode(250)),
write={'owner', 'editor'}) # Grant 'owner' and 'editor' write but not read access
defval = with_roles(db.deferred(db.Column(db.Unicode(250))),
rw={'owner'})
@with_roles(call={'all'}) # 'call' grants call access to the decorated method
def hello(self):
return "Hello!"
# Your model is responsible for granting roles given an actor or anchors
# (an iterable). The format for anchors is not specified by RoleMixin.
def roles_for(self, actor=None, anchors=()):
# Calling super give us a result set with the standard roles
result = super(RoleModel, self).roles_for(actor, anchors)
if 'owner-secret' in anchors:
result.add('owner') # Grant owner role
return result