def _get_extra_instance(self, model, key, user_attr="creation_user"):
"""Tries to get a instance of model with getp2. The primary key is
obtained from the extra key ``key``.
@param model {class}: A sqlalchemy model class with a query attribute.
@param key {string}: The extra key where to find the pk id.
@param user_attr {string}: Check for user attribute (default:
"creation_user") match with req.user or do nothing if None.
"""
try:
id_ = p2_to_int(self.extra[key])
except (ValueError, KeyError, TypeError):
# Pretend the module does not exist (with these parameters)
raise LookupError("No compatible module found for these "
"parameters.")
instance = model.query.get(id_)
if not instance:
raise JSONException("Could not find an instance of what you are "
"searching for.")
if user_attr:
attr = getattr(instance, user_attr)
if attr != self.request.user:
raise PermissionError("You are not authorized to view and/or "
"alter this instance.")
return instance
