def get_access_where_clauses(self): users = [] roles = [] request = get_current_request() interaction = IInteraction(request) for user in interaction.participations: users.append(user.principal.id) users.extend(user.principal.groups) roles_dict = interaction.global_principal_roles( user.principal.id, user.principal.groups) roles.extend([key for key, value in roles_dict.items() if value]) clauses = [] if len(users) > 0: clauses.append("json->'access_users' ?| array['{}']".format( "','".join(users) )) if len(roles) > 0: clauses.append("json->'access_roles' ?| array['{}']".format( "','".join(roles) )) return '({})'.format( ' OR '.join(clauses) )
async def _build_security_query( self, container, query, doc_type=None, size=10, request=None, scroll=None): if query is None: query = {} q = {} # The users who has plone.AccessContent permission by prinperm # The roles who has plone.AccessContent permission by roleperm users = [] roles = [] if request is None: request = get_current_request() interaction = IInteraction(request) for user in interaction.participations: # pylint: disable=E1133 users.append(user.principal.id) users.extend(user.principal.groups) roles_dict = interaction.global_principal_roles( user.principal.id, user.principal.groups) roles.extend([key for key, value in roles_dict.items() if value]) # We got all users and roles # users: users and groups should_list = [{'match': {'access_roles': x}} for x in roles] should_list.extend([{'match': {'access_users': x}} for x in users]) permission_query = { 'query': { 'bool': { 'filter': { 'bool': { 'should': should_list, 'minimum_should_match': 1 } } } } } query = merge_dicts(query, permission_query) # query.update(permission_query) q['body'] = query q['size'] = size if scroll: q['scroll'] = scroll logger.debug(q) return q
async def build_security_query(container, request=None): # The users who has plone.AccessContent permission by prinperm # The roles who has plone.AccessContent permission by roleperm users = [] roles = [] if request is None: request = get_current_request() interaction = IInteraction(request) for user in interaction.participations: # pylint: disable=E1133 users.append(user.principal.id) users.extend(user.principal.groups) roles_dict = interaction.global_principal_roles( user.principal.id, user.principal.groups) roles.extend([key for key, value in roles_dict.items() if value]) # We got all users and roles # users: users and groups should_list = [{'match': {'access_roles': x}} for x in roles] should_list.extend([{'match': {'access_users': x}} for x in users]) return { 'query': { 'bool': { 'filter': { 'bool': { 'should': should_list, 'minimum_should_match': 1 } } } } }