def _apply_nested_privacy(self, data): """ Apply privacy to nested documents. :param data: Dict of data to which privacy is already applied. """ kw = { 'is_admin': self.is_admin, 'drop_hidden': self.drop_hidden, } for key, val in data.items(): if is_document(val): data[key] = apply_privacy(self.request)(result=val, **kw) elif isinstance(val, list) and val and is_document(val[0]): data[key] = [apply_privacy(self.request)(result=doc, **kw) for doc in val] return data
def _check_permissions(request, document): """ Check permissions of ES document. :param request: Pyramid Request instance that represents current request :param document: Dict representing valid ES document :return: Input document if it's not a valid document. None if user doesn't have permissions to see the document. Document with filtered relationships if user has permissions to see it. """ # Make sure `document` is a valid ES document if not is_document(document): return document # Check whether document can be displayed to user acl = engine.ACLField.objectify_acl(document.get('_acl', [])) context = SimpleContext(acl) if request.has_permission('view', context): return check_relations_permissions(request, document)