def ensure_constrained(query): from app import auth if not query._user_bound or not auth.apply_security: return query mzero = query._mapper_zero() if mzero is not None: user_security = auth.get_current_user_security() if user_security.is_restricted(): # use reflection to get current model cls = mzero.class_ # if model includes mine_guid, apply filter on mine_guid. if hasattr(cls, 'mine_guid') and query._user_bound: query = query.enable_assertions(False).filter( cls.mine_guid.in_(user_security.mine_ids)) return query
def put(self): user_security = auth.get_current_user_security() return user_security.is_restricted()