コード例 #1
ファイル: builder.py プロジェクト: weizai118/ggrc-core
    def _get_type_query(model, permission_type, filter_ids=None):
        """Build the permission filter clause for objects of type ``model``.

        Returns ``None`` when no clause is produced: the user holds the
        system-wide permission matching ``permission_type`` ("read" or
        "update"), or ``permissions.get_context_resource`` reports
        ``contexts`` as ``None``. Revision models are delegated to
        ``QueryHelper._get_revision_type_query``, the only consumer of
        ``filter_ids``. In every other case the result is an ``id IN (...)``
        clause over the permitted resource ids, or ``sa.sql.false()`` when
        that collection is empty.
        """
        # NOTE(review): a ``None`` result presumably tells the caller to add
        # no permission filter at all, so each ``return None`` below is an
        # allow-all path -- confirm callers rely on exactly that meaning.
        if permission_type == "read":
            if permissions.has_system_wide_read():
                return None
        if permission_type == "update":
            if permissions.has_system_wide_update():
                return None

        model_name = model.__name__
        if model_name == "Revision":
            # A revision stores the full data of the object it describes, so
            # only revisions of objects the user is permitted on may match.
            return QueryHelper._get_revision_type_query(
                model, permission_type, filter_ids)

        contexts, permitted_ids = permissions.get_context_resource(
            model_name=model_name, permission_type=permission_type)
        if contexts is None:
            return None

        if not permitted_ids:
            # No permitted ids: the clause must match no rows.
            return sa.sql.false()
        return model.id.in_(permitted_ids)
コード例 #2
  def _get_assessments(self, model, object_type, object_id):
    """Load the assessments similar to an object, plus their total count.

    Candidate ids come from ``model.get_similar_objects_query``; ordering and
    limit come from ``self._get_order_by_parameter`` and
    ``self._get_limit_parameters``.

    Without system-wide read, the caller must pass ``is_allowed_read`` on the
    source object (``Forbidden`` is raised otherwise) and the candidates are
    narrowed to assessments with an ACL entry for the current user whose role
    has ``read`` set.

    Returns:
      ``(assessments, total)``; ``total`` is counted before the limit is
      applied.
    """
    candidate_ids = model.get_similar_objects_query(object_id, "Assessment")
    order_by = self._get_order_by_parameter()
    limit = self._get_limit_parameters()

    if not permissions.has_system_wide_read():
      source_readable = permissions.is_allowed_read(
          object_type, object_id, None)
      if not source_readable:
        raise Forbidden()
      acl = models.all_models.AccessControlList
      acr = models.all_models.AccessControlRole
      # Both conditions carry the access control: the role must grant read
      # and the ACL entry must belong to the requesting user.
      readable = db.session.query(acl.object_id).join(acr)
      candidate_ids = readable.filter(
          acr.read == 1,
          acl.object_type == "Assessment",
          acl.person_id == get_current_user_id(),
          acl.object_id.in_(candidate_ids),
      )

    assessment = models.Assessment
    query = assessment.query.options(
        orm.Load(assessment).undefer_group("Assessment_complete"),
        orm.Load(assessment).joinedload("audit").undefer_group(
            "Audit_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_definitions"
        ).undefer_group("CustomAttributeDefinitons_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_values"
        ).undefer_group("CustomAttributeValues_complete"),
    ).filter(assessment.id.in_(candidate_ids))
    if order_by:
      query = pagination.apply_order_by(
          assessment, query, order_by, assessment)

    # Count here rather than via pagination.get_total_count, which would
    # return wrong counts because the query is an eager one.
    total = query.count()
    if limit:
      query = pagination.apply_limit(query, limit)

    return query.all(), total
コード例 #3
    def _get_assessments(self, model, object_type, object_id):
        """Load the assessments similar to an object, plus their total count.

        Candidate ids come from ``model.get_similar_objects_query``; ordering
        and limit come from ``self._get_order_by_parameter`` and
        ``self._get_limit_parameters``.

        Without system-wide read, ``Forbidden`` is raised when the caller
        fails ``is_allowed_read`` on the source object and is not a system
        wide Creator. The candidates are then narrowed to assessments whose
        ACL entry has a read-granting role and is linked, through
        AccessControlPerson, to the current user.

        Returns:
            ``(assessments, total)``. With a limit, ``total`` is the count of
            the unlimited query; otherwise it is the length of the result.
        """
        user_role = get_current_user().system_wide_role
        candidate_ids = model.get_similar_objects_query(
            object_id, "Assessment")
        order_by = self._get_order_by_parameter()
        limit = self._get_limit_parameters()

        if not permissions.has_system_wide_read():
            # NOTE(review): a Creator skips the read check on the source
            # object; only the ACL filter below limits what is returned.
            # Confirm that revealing similarity to an object the caller
            # cannot read is intended.
            source_readable = permissions.is_allowed_read(
                object_type, object_id, None)
            if not source_readable and user_role != SystemWideRoles.CREATOR:
                raise Forbidden()
            acl = models.all_models.AccessControlList
            acr = models.all_models.AccessControlRole
            acp = models.all_models.AccessControlPerson
            readable = db.session.query(acl.object_id).join(acr).join(
                acp, acl.base_id == acp.ac_list_id)
            candidate_ids = readable.filter(
                acr.read == 1,
                acl.object_type == "Assessment",
                acp.person_id == get_current_user_id(),
                acl.object_id.in_(candidate_ids),
            )

        assessment = models.Assessment
        query = assessment.query.options(
            orm.Load(assessment).undefer_group("Assessment_complete"),
            orm.Load(assessment).joinedload("audit").undefer_group(
                "Audit_complete"),
            orm.Load(assessment).joinedload(
                "custom_attribute_definitions"
            ).undefer_group("CustomAttributeDefinitons_complete"),
            orm.Load(assessment).joinedload(
                "custom_attribute_values"
            ).undefer_group("CustomAttributeValues_complete"),
        ).filter(assessment.id.in_(candidate_ids))
        if order_by:
            query = pagination.apply_order_by(
                assessment, query, order_by, assessment)

        # pagination.get_total_count is avoided on purpose: it would return
        # wrong counts because the query is an eager one.
        if not limit:
            everything = query.all()
            return everything, len(everything)

        page = pagination.apply_limit(query, limit).all()
        return page, query.count()
コード例 #4
    def _get_assessments(self, model, object_type, object_id):
        """Build the query for assessments similar to an object, plus a total.

        Candidate ids come from ``model.get_similar_objects_query``; ordering
        and limit come from ``self._get_order_by_parameter`` and
        ``self._get_limit_parameters``.

        Without system-wide read, ``Forbidden`` is raised unless
        ``permissions.is_allowed_read`` passes, and the candidates are
        narrowed to assessments having an ACL entry whose role has ``read``
        set.

        Returns:
            ``(query, total)``. With a limit, both values are what
            ``pagination.apply_limit`` returns; without one, the unexecuted
            query and ``query.count()``.
        """
        candidate_ids = model.get_similar_objects_query(
            object_id, "Assessment")
        order_by = self._get_order_by_parameter()
        limit = self._get_limit_parameters()

        if not permissions.has_system_wide_read():
            # NOTE(review): the arguments are passed as (object_id,
            # object_type). Verify this against the is_allowed_read
            # signature: a swapped pair would make the check test the wrong
            # resource.
            source_readable = permissions.is_allowed_read(
                object_id, object_type, None)
            if not source_readable:
                raise Forbidden()
            acl = models.all_models.AccessControlList
            acr = models.all_models.AccessControlRole
            # NOTE(review): nothing in this filter ties the ACL entry to the
            # requesting user, so a read-granting entry held by anyone lets
            # the assessment through. Confirm per-user scoping is enforced
            # elsewhere, or add the missing condition.
            readable = db.session.query(acl.object_id).join(acr)
            candidate_ids = readable.filter(
                acr.read.is_(True),
                acl.object_type == "Assessment",
                acl.object_id.in_(candidate_ids),
            )

        assessment = models.Assessment
        query = assessment.query.options(
            orm.Load(assessment).undefer_group("Assessment_complete"),
            orm.Load(assessment).joinedload("audit").undefer_group(
                "Audit_complete"),
            orm.Load(assessment).joinedload(
                "custom_attribute_definitions"
            ).undefer_group("CustomAttributeDefinitons_complete"),
            orm.Load(assessment).joinedload(
                "custom_attribute_values"
            ).undefer_group("CustomAttributeValues_complete"),
        ).filter(assessment.id.in_(candidate_ids))
        if order_by:
            query = pagination.apply_order_by(
                assessment, query, order_by, assessment)

        if not limit:
            return query, query.count()

        query, total = pagination.apply_limit(query, limit)
        return query, total
コード例 #5
  def _get_type_query(model, permission_type):
    """Build the permission filter clause for objects of type ``model``.

    Returns ``None`` when no clause is produced: the user holds the
    system-wide permission matching ``permission_type`` ("read" or "update"),
    or ``permissions.get_context_resource`` reports ``contexts`` as ``None``.
    Otherwise returns an ``id IN (...)`` clause over the permitted resource
    ids, or ``sa.sql.false()`` when that collection is empty.
    """
    # NOTE(review): a ``None`` result presumably tells the caller to add no
    # permission filter at all, so each ``return None`` is an allow-all
    # path -- confirm callers rely on exactly that meaning.
    global_read = (
        permission_type == "read" and permissions.has_system_wide_read())
    if global_read:
      return None

    global_update = (
        permission_type == "update" and permissions.has_system_wide_update())
    if global_update:
      return None

    # NOTE(review): every model, Revision included, takes this generic path.
    # If revisions embed the data of the object they describe (TODO confirm),
    # check that reading them is gated on permission for that object.
    contexts, permitted_ids = permissions.get_context_resource(
        model_name=model.__name__, permission_type=permission_type)
    if contexts is None:
      return None

    if not permitted_ids:
      # No permitted ids: the clause must match no rows.
      return sa.sql.false()
    return model.id.in_(permitted_ids)
コード例 #6
ファイル: builder.py プロジェクト: egorhm/ggrc-core
  def _get_type_query(model, permission_type):
    """Return the clause restricting ``model`` rows to permitted ones.

    ``None`` is returned, meaning no clause, when the user holds the
    system-wide permission matching ``permission_type`` ("read" or "update")
    or when ``permissions.get_context_resource`` gives ``contexts`` as
    ``None``. Otherwise the result is ``model.id.in_(resources)``, or
    ``sa.sql.false()`` if ``resources`` is empty.
    """
    # NOTE(review): callers presumably read ``None`` as "do not restrict",
    # which makes every ``None`` return an allow-all path -- verify.
    unrestricted = (
        (permission_type == "read" and permissions.has_system_wide_read()) or
        (permission_type == "update" and
         permissions.has_system_wide_update())
    )
    if unrestricted:
      return None

    # NOTE(review): there is no model-specific branch, so Revision goes
    # through the same lookup. If a revision carries the data of another
    # object (TODO confirm), make sure access to it is checked against that
    # object's permissions.
    lookup = permissions.get_context_resource(
        model_name=model.__name__, permission_type=permission_type)
    contexts, resources = lookup
    if contexts is None:
      return None

    if resources:
      return model.id.in_(resources)
    # An empty resource collection must match nothing.
    return sa.sql.false()
コード例 #7
ファイル: builder.py プロジェクト: google/ggrc-core
  def _get_type_query(model, permission_type):
    """Build the permission filter clause for objects of type ``model``.

    Returns ``None`` when no clause is produced: the user holds the
    system-wide permission matching ``permission_type`` ("read" or "update"),
    or ``permissions.get_context_resource`` reports ``contexts`` as ``None``.
    Revision models are delegated to
    ``QueryHelper._get_revision_type_query``. In every other case the result
    is an ``id IN (...)`` clause over the permitted resource ids, or
    ``sa.sql.false()`` when that collection is empty.
    """
    # NOTE(review): a ``None`` result presumably tells the caller to add no
    # permission filter at all, so each ``return None`` is an allow-all
    # path -- confirm callers rely on exactly that meaning.
    if permission_type == "read":
      if permissions.has_system_wide_read():
        return None
    if permission_type == "update":
      if permissions.has_system_wide_update():
        return None

    model_name = model.__name__
    if model_name == "Revision":
      # A revision stores the full data of the object it describes, so only
      # revisions of objects the user is permitted on may match.
      return QueryHelper._get_revision_type_query(model, permission_type)

    contexts, permitted_ids = permissions.get_context_resource(
        model_name=model_name, permission_type=permission_type)
    if contexts is None:
      return None

    if not permitted_ids:
      # No permitted ids: the clause must match no rows.
      return sa.sql.false()
    return model.id.in_(permitted_ids)