Esempio n. 1
    def get_objects(self, **kwargs):
        """Return the address list query, scoped to the resource's customer.

        Only a superuser gets the caller-supplied filters unchanged. For
        anonymous and ordinary users ``customer_id`` is overwritten with
        ``self._customer.id``, so any ``customer_id`` passed in is discarded.
        """
        unrestricted = (not current_user.is_anonymous()
                        and current_user.is_superuser())
        if not unrestricted:
            # Server-side value wins over whatever the caller supplied.
            kwargs['customer_id'] = self._customer.id

        return super(AddressResource, self).get_objects(**kwargs)
Esempio n. 2
    def get_objects(self, **kwargs):
        """Build the address list query for the current caller.

        Superusers keep the filters they passed in. Everyone else
        (anonymous or not) has ``customer_id`` forced to
        ``self._customer.id`` before the parent implementation runs.
        """
        is_admin = False
        if not current_user.is_anonymous():
            is_admin = current_user.is_superuser()

        if not is_admin:
            # Overwrite rather than default: a caller-chosen customer_id
            # must not survive for non-superusers.
            kwargs['customer_id'] = self._customer.id

        return super(AddressResource, self).get_objects(**kwargs)
Esempio n. 3
    def serialize(self, instance, include=None):
        """Serialize a user, hiding ``email`` unless the viewer may see it.

        ``email`` is excluded by default. It is included only when neither
        the viewer nor the serialized user is anonymous and the viewer is
        either that same user (matching ``id``) or a superuser.
        """
        hidden = ['email']

        both_known = (not current_user.is_anonymous()
                      and not instance.is_anonymous())
        if both_known and (current_user.id == instance.id
                           or current_user.is_superuser()):
            hidden = []

        return instance.as_dict(include, hidden)
Esempio n. 4
    def serialize(self, instance, include=None):
        """Return ``instance.as_dict`` with ``email`` hidden by default.

        The field is disclosed only to an authenticated viewer who is the
        serialized user or a superuser. If either side is anonymous the
        exclusion stays in place.
        """
        if current_user.is_anonymous() or instance.is_anonymous():
            may_see_email = False
        else:
            may_see_email = (current_user.id == instance.id
                             or current_user.is_superuser())

        exclude = [] if may_see_email else ['email']
        return instance.as_dict(include, exclude)
Esempio n. 5
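    def serialize(self, instance, include=None):
        """Serialize a user, exposing ``email`` only to the owner or a superuser.

        The address is excluded by default (fail closed). The exclusion is
        lifted only when neither the viewer nor the serialized user is
        anonymous and the viewer is that same user or a superuser.

        Two defects of the earlier logic are corrected here:

        * when either side was anonymous the method returned
          ``instance.as_dict(include)`` with no exclusion list, so the
          ``email`` exclusion was skipped for unauthenticated viewers;
        * the owner/superuser test used ``or`` between two negated
          conditions, which excluded ``email`` for the owner and for a
          superuser viewing another user. Only a superuser viewing their
          own record passed.
        """
        # Deny by default; widen only on an explicit positive check.
        exclude = ['email']

        if not (current_user.is_anonymous() or instance.is_anonymous()):
            if current_user.id == instance.id or current_user.is_superuser():
                exclude = []

        return instance.as_dict(include, exclude)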
Esempio n. 6
    def get_objects(self, **kwargs):
        """Return the bank-account list query the caller is allowed to see.

        A ``user_id`` query-string argument is honoured as a filter only
        for superusers. For every other caller ``user_id`` is set to
        ``current_user.id``, so the request value cannot widen the result.
        """
        # NOTE(review): there is no anonymous check here; presumably
        # authentication is enforced before this method runs. Confirm,
        # since an anonymous ``current_user.id`` would become the filter.
        if current_user.is_superuser():
            if 'user_id' in request.args:
                kwargs['user_id'] = request.args['user_id']
        else:
            kwargs['user_id'] = current_user.id

        return super(BankAccountResource, self).get_objects(**kwargs)
Esempio n. 7
    def get_objects(self, **kwargs):
        """Build the bank-account list query for the current caller.

        Superusers may narrow the list with a ``user_id`` query-string
        argument. Non-superusers always get ``user_id`` pinned to their own
        ``current_user.id``, whatever the request carried.
        """
        privileged = current_user.is_superuser()

        if privileged and 'user_id' in request.args:
            kwargs['user_id'] = request.args['user_id']
        elif not privileged:
            # Request-supplied user_id is never trusted for ordinary users.
            kwargs['user_id'] = current_user.id

        return super(BankAccountResource, self).get_objects(**kwargs)
Esempio n. 8
    def get_objects(self, **kwargs):
        """Return ``self.model`` rows filtered by the caller's allowed scope.

        Aborts with ``http.BAD_REQUEST`` when no model is configured. A
        ``user_id`` query-string argument is used as a filter for
        superusers. For anyone else ``user_id`` is forced to
        ``current_user.id`` so the request value has no effect.
        """
        if self.model is None:
            abort(http.BAD_REQUEST)

        if current_user.is_superuser():
            if "user_id" in request.args:
                kwargs["user_id"] = request.args["user_id"]
        else:
            # Pin the filter to the caller; never trust the query string.
            kwargs["user_id"] = current_user.id

        return self.model.query.filter_by(**kwargs)
Esempio n. 9
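    def get_objects(self, **kwargs):
        """Return ``self.model`` rows limited to the caller's customer.

        * Anonymous callers are scoped to the ``customer_id`` stored in the
          session. If the session holds none, the request is aborted with
          ``http.NOT_FOUND`` instead of failing on a missing key or
          filtering on ``customer_id=None``.
        * Authenticated non-superusers are scoped to
          ``current_user.customer.id``.
        * Superusers keep the filters they passed in.

        Aborts with ``http.BAD_REQUEST`` when no model is configured.
        """
        if current_user.is_anonymous():
            customer_id = session.get('customer_id')
            if customer_id is None:
                # No customer bound to this session: nothing may be listed.
                abort(http.NOT_FOUND)
            kwargs['customer_id'] = customer_id
        elif not current_user.is_superuser():
            kwargs['customer_id'] = current_user.customer.id
        # TODO: process product owners

        if self.model is None:
            abort(http.BAD_REQUEST)
        return self.model.query.filter_by(**kwargs)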
Esempio n. 10
        def wrapper(value):
            """Validate a list of role ids and return the roles to apply.

            ``value`` is checked as a list of ints and resolved to ``Role``
            rows. Superusers get the resolved roles back. For any other
            caller the submitted ids are ignored and the roles already on
            ``self.get_object(id)`` are returned.
            """
            role_ids = t.List(t.Int).check(value)
            found = Role.query.filter(Role.id.in_(role_ids)).all()

            # Fewer rows than ids: an id did not resolve, or the list held
            # duplicates. The error is returned, not raised; presumably
            # the enclosing trafaret expects that (confirm).
            if len(role_ids) != len(found):
                return t.DataError(_("Roles are invalid"))

            if not current_user.is_superuser():
                # NOTE(review): ``id`` is not bound in this function; it is
                # presumably taken from the enclosing scope (confirm).
                return self.get_object(id).roles
            return found
Esempio n. 11
        def wrapper(value):
            """Check submitted role ids and decide which roles take effect.

            The ids must form a list of ints that all resolve to ``Role``
            rows. Otherwise a ``t.DataError`` is returned. Only a superuser
            gets the resolved roles. Other callers get the roles currently
            held by ``self.get_object(id)``, so their input changes nothing.
            """
            checked = t.List(t.Int).check(value)
            matched = Role.query.filter(Role.id.in_(checked)).all()

            if len(checked) == len(matched):
                if current_user.is_superuser():
                    return matched
                # ``id`` presumably comes from the enclosing scope (confirm).
                return self.get_object(id).roles

            return t.DataError(_("Roles are invalid"))
Esempio n. 12
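    def get_object(self, id):
        """Resolve the user this request operates on.

        * If the JSON body carries a ``token``, it is treated as an e-mail
          confirmation token: the user it names is confirmed, saved and
          logged in. ``id`` is not used on this path.
        * Otherwise a superuser gets the user with the given ``id`` (404 if
          absent) and any other caller gets ``current_user``.

        The ``expired`` and ``invalid`` flags returned by
        ``confirm_email_token_status`` are now enforced. Previously they
        were unpacked and ignored, so a token reported as expired would
        still confirm the account and open a session. A token that yields
        no user would have reached ``confirm_user`` with that empty value.
        Such requests are now aborted with ``http.BAD_REQUEST`` before any
        state changes.
        """
        if request.json and 'token' in request.json:
            token = request.json['token']
            expired, invalid, instance = confirm_email_token_status(token)
            # Reject before confirm/save/login so a bad token has no effect.
            if expired or invalid or instance is None:
                abort(http.BAD_REQUEST)
            confirm_user(instance)
            instance.save()
            # Second argument presumably enables "remember me" (confirm).
            login_user(instance, True)
        elif current_user.is_superuser():
            instance = User.query.get_or_404(id)
        else:
            # Non-superusers can only ever address their own record.
            instance = current_user

        if instance is None:
            abort(http.NOT_FOUND)
        return instance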
Esempio n. 13
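    def get_object(self, id):
        """Return the user targeted by the request, overriding the base flow.

        With a ``token`` in the JSON body the method performs e-mail
        confirmation: it confirms, saves and logs in the user the token
        resolves to (``id`` is ignored). Without a token, a superuser gets
        ``User`` ``id`` (404 if missing) and everyone else gets
        ``current_user``.

        The token status is checked before it is acted on. The
        ``expired`` and ``invalid`` results of
        ``confirm_email_token_status`` used to be discarded, which let a
        token reported as expired confirm and log in its user. An expired,
        invalid or user-less token now aborts with ``http.BAD_REQUEST``.
        """
        payload = request.json
        if payload and 'token' in payload:
            expired, invalid, instance = confirm_email_token_status(
                payload['token'])
            token_ok = not expired and not invalid and instance is not None
            if not token_ok:
                # Fail closed: no confirmation, no save, no session.
                abort(http.BAD_REQUEST)
            confirm_user(instance)
            instance.save()
            login_user(instance, True)
        elif current_user.is_superuser():
            instance = User.query.get_or_404(id)
        else:
            instance = current_user

        if instance is None:
            abort(http.NOT_FOUND)
        return instance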
Esempio n. 14
 def get_objects(self, **kwargs):
     """Return the customer list query, limited to the caller's own customer.

     Unless the caller is an authenticated superuser, ``id`` is overwritten
     with ``self._customer.id`` so a caller-supplied ``id`` is discarded.
     """
     unrestricted = (not current_user.is_anonymous()
                     and current_user.is_superuser())
     if not unrestricted:
         kwargs['id'] = self._customer.id
     return super(CustomerResource, self).get_objects(**kwargs)
Esempio n. 15
 def get_object(self, id):
     """Fetch a bank account and release it only to its owner or a superuser.

     The parent implementation loads the object. Any caller who neither
     passes ``check_owner`` nor is a superuser gets ``http.UNAUTHORIZED``.
     """
     account = super(BankAccountResource, self).get_object(id)
     permitted = (account.check_owner(current_user)
                  or current_user.is_superuser())
     if not permitted:
         return abort(http.UNAUTHORIZED)
     return account
Esempio n. 16
 def get_object(self, id):
     """Load a bank account and enforce object-level access on it.

     The object is returned when ``check_owner(current_user)`` is truthy
     or the caller is a superuser. Otherwise the request is aborted with
     ``http.UNAUTHORIZED``.
     """
     found = super(BankAccountResource, self).get_object(id)
     if not (found.check_owner(current_user) or current_user.is_superuser()):
         # Loading by id alone is not authorization; refuse non-owners.
         return abort(http.UNAUTHORIZED)
     return found
Esempio n. 17
 def get_objects(self, **kwargs):
     """Return the customer list query scoped to the caller.

     Anonymous callers are limited to the ``customer_id`` held in the
     session and get ``http.NOT_FOUND`` when it is missing or falsy.
     Authenticated non-superusers are limited to
     ``current_user.customer.id``. Superusers keep their own filters.
     """
     if current_user.is_anonymous():
         session_customer = session.get("customer_id")
         if not session_customer:
             abort(http.NOT_FOUND)
         kwargs["id"] = session_customer
     elif not current_user.is_superuser():
         kwargs["id"] = current_user.customer.id
     return super(CustomerResource, self).get_objects(**kwargs)
Esempio n. 18
 def get_objects(self, **kwargs):
     """Build the customer list query for the current caller.

     Only an authenticated superuser keeps the filters passed in. For
     anyone else ``id`` is forced to ``self._customer.id``.
     """
     is_admin = False
     if not current_user.is_anonymous():
         is_admin = current_user.is_superuser()

     if not is_admin:
         # Overwrite, not default: a supplied id must not survive.
         kwargs['id'] = self._customer.id
     return super(CustomerResource, self).get_objects(**kwargs)