def get_permissions_query(self, model_names, permission_type='read', permission_model=None): """Prepare the query based on the allowed contexts and resources for each of the required objects(models). """ type_queries = [] for model_name in model_names: contexts, resources = query_helpers.get_context_resource( model_name=model_name, permission_type=permission_type, permission_model=permission_model) if contexts is not None: if resources: resource_sql = and_(MysqlRecordProperty.type == model_name, MysqlRecordProperty.key.in_(resources)) else: resource_sql = false() type_query = or_( and_( MysqlRecordProperty.type == model_name, context_query_filter(MysqlRecordProperty.context_id, contexts)), resource_sql) type_queries.append(type_query) return and_(MysqlRecordProperty.type.in_(model_names), or_(*type_queries))
def get_permissions_query(model_names, permission_type='read', permission_model=None): """Prepare the query based on the allowed contexts and resources for each of the required objects(models). """ type_queries = [] for model_name in model_names: contexts, resources = permissions.get_context_resource( model_name=model_name, permission_type=permission_type, permission_model=permission_model ) statement = and_( MysqlRecordProperty.type == model_name, context_query_filter(MysqlRecordProperty.context_id, contexts) ) if resources: statement = or_(and_(MysqlRecordProperty.type == model_name, MysqlRecordProperty.key.in_(resources)), statement) type_queries.append(statement) return and_( MysqlRecordProperty.type.in_(model_names), or_(*type_queries))
def get_permissions_query(model_names, permission_type='read', permission_model=None): """Prepare the query based on the allowed contexts and resources for each of the required objects(models). """ type_queries = [] for model_name in model_names: contexts, resources = query_helpers.get_context_resource( model_name=model_name, permission_type=permission_type, permission_model=permission_model ) if contexts is not None: if resources: resource_sql = and_( MysqlRecordProperty.type == model_name, MysqlRecordProperty.key.in_(resources)) else: resource_sql = false() type_query = or_( and_( MysqlRecordProperty.type == model_name, context_query_filter(MysqlRecordProperty.context_id, contexts) ), resource_sql) type_queries.append(type_query) return and_( MysqlRecordProperty.type.in_(model_names), or_(*type_queries))
def get_permissions_query(model_names, permission_type='read'): """Prepare the query based on the allowed contexts and resources for each of the required objects(models). """ if not model_names: # If there are no model names set, the result of the permissions query # will always be false, so we can just return false instead of having an # empty in statement combined with an empty list joined by or statement. return sa.false() type_queries = [] for model_name in model_names: contexts, resources = permissions.get_context_resource( model_name=model_name, permission_type=permission_type, ) statement = sa.and_( MysqlRecordProperty.type == model_name, context_query_filter(MysqlRecordProperty.context_id, contexts)) if resources: statement = sa.or_( sa.and_(MysqlRecordProperty.type == model_name, MysqlRecordProperty.key.in_(resources)), statement) type_queries.append(statement) return sa.and_(MysqlRecordProperty.type.in_(model_names), sa.or_(*type_queries))
def get_permissions_query(model_names, permission_type='read'): """Prepare the query based on the allowed contexts and resources for each of the required objects(models). """ if not model_names: # If there are no model names set, the result of the permissions query # will always be false, so we can just return false instead of having an # empty in statement combined with an empty list joined by or statement. return sa.false() type_queries = [] for model_name in model_names: contexts, resources = permissions.get_context_resource( model_name=model_name, permission_type=permission_type, ) statement = sa.and_( MysqlRecordProperty.type == model_name, context_query_filter(MysqlRecordProperty.context_id, contexts) ) if resources: statement = sa.or_(sa.and_(MysqlRecordProperty.type == model_name, MysqlRecordProperty.key.in_(resources)), statement) type_queries.append(statement) return sa.and_( MysqlRecordProperty.type.in_(model_names), sa.or_(*type_queries) )
def _get_type_query(self, model_names, permission_type='read', permission_model=None): type_queries = [] for model_name in model_names: type_query = None if permission_type == 'read': contexts = permissions.read_contexts_for(permission_model or model_name) resources = permissions.read_resources_for(permission_model or model_name) elif permission_type == 'create': contexts = permissions.create_contexts_for(permission_model or model_name) resources = permissions.create_resources_for(permission_model or model_name) elif permission_type == 'update': contexts = permissions.update_contexts_for(permission_model or model_name) resources = permissions.update_resources_for(permission_model or model_name) elif permission_type == 'delete': contexts = permissions.delete_contexts_for(permission_model or model_name) resources = permissions.delete_resources_for(permission_model or model_name) if permission_model and contexts: contexts = set(contexts) & set( permissions.read_contexts_for(model_name)) if contexts is not None: # Don't filter out None contexts here if None not in contexts and permission_type == "read": contexts.append(None) if resources: resource_sql = and_(MysqlRecordProperty.type == model_name, MysqlRecordProperty.key.in_(resources)) else: resource_sql = false() type_query = or_( and_( MysqlRecordProperty.type == model_name, context_query_filter(MysqlRecordProperty.context_id, contexts)), resource_sql) type_queries.append(type_query) return and_(MysqlRecordProperty.type.in_(model_names), or_(*type_queries))
def _get_type_query(model, permission_type): """Filter by contexts and resources Prepare query to filter models based on the available contexts and resources for the given type of object. """ contexts, resources = query_helpers.get_context_resource( model_name=model.__name__, permission_type=permission_type) if contexts is not None: if resources: resource_sql = model.id.in_(resources) else: resource_sql = sa.sql.false() return sa.or_(context_query_filter(model.context_id, contexts), resource_sql)
def _get_type_query(model, permission_type): """Filter by contexts and resources Prepare query to filter models based on the available contexts and resources for the given type of object. """ contexts, resources = permissions.get_context_resource( model_name=model.__name__, permission_type=permission_type ) if contexts is not None: if resources: resource_sql = model.id.in_(resources) else: resource_sql = sa.sql.false() return sa.or_( context_query_filter(model.context_id, contexts), resource_sql)
def _get_type_query(model, permission_type): """Filter by contexts and resources Prepare query to filter models based on the available contexts and resources for the given type of object. """ if permission_type == "read" and permissions.has_system_wide_read(): return None if permission_type == "update" and permissions.has_system_wide_update(): return None contexts, resources = permissions.get_context_resource( model_name=model.__name__, permission_type=permission_type ) if contexts is not None: return sa.or_(context_query_filter(model.context_id, contexts), model.id.in_(resources) if resources else sa.sql.false()) return sa.sql.true()
def _get_type_query(model, permission_type): """Filter by contexts and resources Prepare query to filter models based on the available contexts and resources for the given type of object. """ if permission_type == "read" and permissions.has_system_wide_read(): return None if permission_type == "update" and permissions.has_system_wide_update( ): return None contexts, resources = permissions.get_context_resource( model_name=model.__name__, permission_type=permission_type) if contexts is not None: return sa.or_( context_query_filter(model.context_id, contexts), model.id.in_(resources) if resources else sa.sql.false()) return sa.sql.true()