def get_candidate_if_owned_by(obj_id, user_or_token, options=[]):
if Candidate.query.filter(Candidate.obj_id == obj_id).first() is None:
return None
user_group_ids = [g.id for g in user_or_token.groups]
c = (Candidate.query.filter(Candidate.obj_id == obj_id).filter(
Candidate.filter_id.in_(
DBSession.query(Filter.id).filter(
Filter.group_id.in_(user_group_ids)))).options(
options).first())
if c is None:
raise AccessError("Insufficient permissions.")
return c.obj
def source_is_owned_by(self, user_or_token):
source_group_ids = [
row[0] for row in DBSession.query(Source.group_id).filter(
Source.obj_id == self.obj_id).all()
]
return bool(set(source_group_ids) & {g.id for g in user_or_token.groups})
