Esempio n. 1
  def _get_assessments(self, model, object_type, object_id):
    """Fetch the assessments similar to an object, with their total count.

    Ordering and limit come from the request GET parameters, read through
    ``_get_order_by_parameter`` and ``_get_limit_parameters``.

    Returns:
      A ``(assessments, total)`` tuple. ``total`` is counted before the limit
      is applied, so it covers the whole matching set.

    Raises:
      Forbidden: the user has no system-wide read and may not read the object
        identified by ``object_type`` / ``object_id``.
    """
    similar_ids = model.get_similar_objects_query(object_id, "Assessment")
    ordering = self._get_order_by_parameter()
    page_limit = self._get_limit_parameters()

    if not permissions.has_system_wide_read():
      # Two checks for users without system-wide read: first the source
      # object itself must be readable, then the candidate ids are narrowed
      # to assessments where the current user holds a read-granting role.
      may_read_source = permissions.is_allowed_read(
          object_type, object_id, None)
      if not may_read_source:
        raise Forbidden()
      acl = models.all_models.AccessControlList
      acr = models.all_models.AccessControlRole
      readable = db.session.query(acl.object_id).join(acr)
      similar_ids = readable.filter(
          acr.read == 1,
          acl.object_type == "Assessment",
          acl.person_id == get_current_user_id(),
          acl.object_id.in_(similar_ids),
      )

    assessment = models.Assessment
    loaders = (
        orm.Load(assessment).undefer_group("Assessment_complete"),
        orm.Load(assessment).joinedload("audit").undefer_group(
            "Audit_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_definitions"
        ).undefer_group("CustomAttributeDefinitons_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_values"
        ).undefer_group("CustomAttributeValues_complete"),
    )
    query = assessment.query.options(*loaders).filter(
        assessment.id.in_(similar_ids))

    if order_by := ordering:
      query = pagination.apply_order_by(
          assessment, query, order_by, assessment)

    # Count with query.count(): pagination.get_total_count would return wrong
    # counts here because the query is an eager query.
    total = query.count()
    if page_limit:
      query = pagination.apply_limit(query, page_limit)

    return query.all(), total
Esempio n. 2
    def _get_assessments(self, model, object_type, object_id):
        """Get the assessments similar to an object, with their total count.

        Get a list of assessments with all their data from the db, according
        to the request GET parameters (order and limit).

        Returns:
            A ``(objs, total)`` tuple: the loaded assessments and the number
            of matching assessments before the limit is applied.

        Raises:
            Forbidden: the user has no system-wide read, may not read the
                object given by ``object_type`` / ``object_id``, and does not
                have the Creator system-wide role.
        """

        user_role = get_current_user().system_wide_role
        ids_query = model.get_similar_objects_query(object_id, "Assessment")
        order_by = self._get_order_by_parameter()
        limit = self._get_limit_parameters()

        if not permissions.has_system_wide_read():
            # Forbidden is raised only when BOTH conditions hold: the source
            # object is not readable AND the role is not Creator. A Creator
            # therefore passes this gate without read access to the source
            # object; what they can see is bounded only by the ACL filter
            # built below.
            # NOTE(review): confirm that skipping the source-object check for
            # Creators is intended, and that the mere existence of related
            # assessments is not itself sensitive.
            if not permissions.is_allowed_read(object_type, object_id, None) and \
               user_role != SystemWideRoles.CREATOR:
                raise Forbidden()
            acl = models.all_models.AccessControlList
            acr = models.all_models.AccessControlRole
            acp = models.all_models.AccessControlPerson
            # Narrow the candidate ids to assessments whose ACL entry carries
            # a read-granting role and is linked to the current user through
            # AccessControlPerson.
            ids_query = db.session.query(acl.object_id).join(acr).join(
                acp, acl.base_id == acp.ac_list_id).filter(
                    acr.read == 1,
                    acl.object_type == "Assessment",
                    acp.person_id == get_current_user_id(),
                    acl.object_id.in_(ids_query),
                )

        # Eager-load the assessment with its audit and custom attribute
        # definitions/values so the returned objects carry all their data.
        query = models.Assessment.query.options(
            orm.Load(models.Assessment).undefer_group("Assessment_complete", ),
            orm.Load(models.Assessment).joinedload("audit").undefer_group(
                "Audit_complete", ),
            orm.Load(models.Assessment).joinedload(
                "custom_attribute_definitions").undefer_group(
                    "CustomAttributeDefinitons_complete", ),
            orm.Load(models.Assessment).joinedload(
                "custom_attribute_values").undefer_group(
                    "CustomAttributeValues_complete", ),
        ).filter(models.Assessment.id.in_(ids_query))
        if order_by:
            query = pagination.apply_order_by(
                models.Assessment,
                query,
                order_by,
                models.Assessment,
            )

        if limit:
            # The page comes from the limited query; the total is counted on
            # the unlimited one.
            objs = pagination.apply_limit(query, limit).all()
            total = query.count()
        else:
            # No limit: everything is loaded, so the total is just its length.
            objs = query.all()
            total = len(objs)

        # note that using pagination.get_total_count here would return wrong counts
        # due to query being an eager query.

        return objs, total
Esempio n. 3
  def _get_ids(self, object_query):
    """Collect the ids of the objects matched by ``object_query``.

    The query is built from the model named in ``object_query``, restricted
    by the permission filter from ``_get_type_query`` and by the parsed
    filter expression, then optionally ordered and limited.

    Side effect: on the normal path the number of matching objects (before
    any limit) is stored in ``object_query["total"]``.

    Returns:
      A list of ids. An empty ``set`` is returned instead when there is no
      filter expression or the object name maps to no model; in that case
      ``object_query["total"]`` is not set.
    """
    object_name = object_query["object_name"]
    expression = object_query.get("filters", {}).get("expression")
    if expression is None:
      return set()

    object_class = inflector.get_model(object_name)
    if object_class is None:
      return set()

    query = db.session.query(object_class.id)

    if object_name == "Snapshot":
      # NOTE(review): child_type is used as an attribute name on
      # models.all_models; confirm _get_snapshot_child_type only yields
      # model names, since any attribute found there becomes tgt_class.
      child_type = self._get_snapshot_child_type(object_query)
      tgt_class = getattr(models.all_models, child_type, object_class)
    else:
      tgt_class = object_class

    # The permission name is read from object_query and defaults to "read".
    # NOTE(review): if object_query is client-supplied, the caller picks
    # which permission is checked, and a None result from _get_type_query
    # means no permission filter is added at all - confirm None can only
    # mean "unrestricted", never "unrecognized permission name".
    requested_permissions = object_query.get("permissions", "read")
    with benchmark("Get permissions: _get_ids > _get_type_query"):
      type_query = self._get_type_query(object_class, requested_permissions)
      if type_query is not None:
        query = query.filter(type_query)

    with benchmark("Parse filter query: _get_ids > _build_expression"):
      filter_expression = custom_operators.build_expression(
          expression, object_class, tgt_class, self.query)
      if filter_expression is not None:
        query = query.filter(filter_expression)

    if object_query.get("order_by"):
      with benchmark("Sorting: _get_ids > order_by"):
        query = pagination.apply_order_by(
            object_class, query, object_query["order_by"], tgt_class)

    with benchmark("Apply limit"):
      limit = object_query.get("limit")
      if not limit:
        ids = [row.id for row in query]
        total = len(ids)
      else:
        # Total is taken from the unlimited query before the page is read.
        limited = pagination.apply_limit(query, limit)
        total = pagination.get_total_count(query)
        ids = [row.id for row in limited]
      object_query["total"] = total

    return ids
Esempio n. 4
  def _get_ids(self, object_query):
    """Get the ids of objects described in the filters.

    Builds an id query for the model named in ``object_query``, applies the
    permission filter and the parsed filter expression, then optional
    ordering and limit. On the normal path the number of matching objects is
    written to ``object_query["total"]``.

    Returns:
      A list of ids, or an empty ``set`` when there is no filter expression
      or no model for the object name (``object_query["total"]`` is not set
      in that case).
    """

    object_name = object_query["object_name"]
    expression = object_query.get("filters", {}).get("expression")

    if expression is None:
      return set()
    object_class = inflector.get_model(object_name)
    if object_class is None:
      return set()
    query = db.session.query(object_class.id)

    tgt_class = object_class
    if object_name == "Snapshot":
      child_type = self._get_snapshot_child_type(object_query)
      # NOTE(review): child_type is looked up as an attribute name on
      # models.all_models with object_class as the fallback; confirm the
      # helper only yields model names, since any attribute found there
      # would be used as tgt_class.
      tgt_class = getattr(models.all_models, child_type, object_class)

    # The permission to check is taken from object_query, default "read".
    # NOTE(review): if object_query comes from the client, the caller chooses
    # the permission name; confirm _get_type_query rejects unknown names.
    requested_permissions = object_query.get("permissions", "read")
    with benchmark("Get permissions: _get_ids > _get_type_query"):
      type_query = self._get_type_query(object_class, requested_permissions)
      # A None type_query adds no permission filter at all.
      # NOTE(review): presumably None means the user is unrestricted for this
      # type - verify, because any other meaning would return unfiltered ids.
      if type_query is not None:
        query = query.filter(type_query)
    with benchmark("Parse filter query: _get_ids > _build_expression"):
      filter_expression = custom_operators.build_expression(
          expression,
          object_class,
          tgt_class,
          self.query
      )
      if filter_expression is not None:
        query = query.filter(filter_expression)
    if object_query.get("order_by"):
      with benchmark("Sorting: _get_ids > order_by"):
        query = pagination.apply_order_by(
            object_class,
            query,
            object_query["order_by"],
            tgt_class,
        )
    with benchmark("Apply limit"):
      limit = object_query.get("limit")
      if limit:
        # Total is computed on the unlimited query; ids come from the page.
        limit_query = pagination.apply_limit(query, limit)
        total = pagination.get_total_count(query)
        ids = [obj.id for obj in limit_query]
      else:
        # No limit: all ids are fetched, so the total is their count.
        ids = [obj.id for obj in query]
        total = len(ids)
      object_query["total"] = total

    return ids
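    def _get_assessments(self, model, object_type, object_id):
        """Build the query for assessments similar to an object.

        Ordering and limit come from the request GET parameters, read through
        ``_get_order_by_parameter`` and ``_get_limit_parameters``.

        Returns:
            A ``(query, total)`` tuple: the (possibly limited) Assessment
            query, not yet executed here, and the total count. With a limit,
            both values are whatever ``pagination.apply_limit`` returns.

        Raises:
            Forbidden: the user has no system-wide read and may not read the
                object identified by ``object_type`` / ``object_id``.
        """

        ids_query = model.get_similar_objects_query(object_id, "Assessment")
        order_by = self._get_order_by_parameter()
        limit = self._get_limit_parameters()

        if not permissions.has_system_wide_read():
            # Authorization check on the source object. The arguments are
            # (type, id, context): passing the id where the type is expected
            # makes the check evaluate a resource that does not exist instead
            # of the one being requested.
            if not permissions.is_allowed_read(object_type, object_id, None):
                raise Forbidden()
            acl = models.all_models.AccessControlList
            acr = models.all_models.AccessControlRole
            # NOTE(review): this filter keeps every assessment that has a
            # read-granting ACL entry, without restricting the entry to the
            # current user. As written, a user who passes the check above can
            # receive assessments readable only by other people. Confirm
            # where the per-user restriction is enforced, or add it here.
            ids_query = db.session.query(acl.object_id).join(acr).filter(
                acr.read.is_(True), acl.object_type == "Assessment",
                acl.object_id.in_(ids_query))

        # Eager-load the assessment with its audit and custom attribute
        # definitions/values so the results carry all their data.
        query = models.Assessment.query.options(
            orm.Load(models.Assessment).undefer_group("Assessment_complete", ),
            orm.Load(models.Assessment).joinedload("audit").undefer_group(
                "Audit_complete", ),
            orm.Load(models.Assessment).joinedload(
                "custom_attribute_definitions").undefer_group(
                    "CustomAttributeDefinitons_complete", ),
            orm.Load(models.Assessment).joinedload(
                "custom_attribute_values").undefer_group(
                    "CustomAttributeValues_complete", ),
        ).filter(models.Assessment.id.in_(ids_query))
        if order_by:
            query = pagination.apply_order_by(
                models.Assessment,
                query,
                order_by,
                models.Assessment,
            )
        if limit:
            query, total = pagination.apply_limit(query, limit)
        else:
            total = query.count()

        return query, total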