def could_have_permission(permission, context, request):
"""Returns True if the current user (``request.user``) either holds the
`permission` in the given `context` or could hold it after
:term:`authentication upgrade`."""
if context is None:
return False
if not hasattr(context, '__acl__'):
# XXX is this bit of convenience appropriate?
context = contextualize(context)
outstanding = outstanding_principals(permission, context, request)
if not outstanding:
return True
# The user can gain the permission only if there is an alternative set in
# their outstanding_principals list of sets containing only upgradable
# principal types.
for altset in outstanding:
f = lambda x: x.startswith(UPGRADABLE_PRINCIPALS)
if all(map(f, altset)):
return True
return False
def could_have_permission(permission, context, request):
"""Returns True if the current user (``request.user``) either holds the
`permission` in the given `context` or could hold it after
:term:`authentication upgrade`."""
if context is None:
return False
if not hasattr(context, '__acl__'):
# XXX is this bit of convenience appropriate?
context = contextualize(context)
outstanding = outstanding_principals(permission, context, request)
if not outstanding:
return True
# The user can gain the permission only if there is an alternative set in
# their outstanding_principals list of sets containing only upgradable
# principal types.
for altset in outstanding:
f = lambda x: x.startswith(UPGRADABLE_PRINCIPALS)
if all(map(f, altset)):
return True
return False
def factory(request):
# This yields the "context", which should be the row object
try:
return contextualize(
model.session.query(sqla_column.parententity).filter(
sqla_column == request.matchdict[match_key]).one())
except NoResultFound:
# 404!
raise NotFound()
def factory(request):
# This yields the "context", which should be the row object
try:
return contextualize(
model.session.query(sqla_column.parententity)
.filter(sqla_column == request.matchdict[match_key])
.one())
except NoResultFound:
# 404!
raise NotFound()
def comments_factory(request):
# XXX prefetching on these?
type = request.matchdict['type']
identifier = request.matchdict['identifier']
try:
sqla_column = commentables[type]
entity = model.session.query(sqla_column.parententity).filter(sqla_column == identifier).one()
except (NoResultFound, KeyError):
# 404!
raise NotFound()
if 'comment_id' not in request.matchdict:
return contextualize(entity.discussion)
# URLs to specific comments should have those comments as the context
try:
return contextualize(
model.session .query(model.Comment)
.with_parent(entity.discussion)
.filter(model.Comment.id == request.matchdict['comment_id'])
.one())
except NoResultFound:
raise NotFound()
def comments_factory(request):
# XXX prefetching on these?
type = request.matchdict['type']
identifier = request.matchdict['identifier']
try:
sqla_column = commentables[type]
entity = model.session.query(sqla_column.parententity).filter(
sqla_column == identifier).one()
except (NoResultFound, KeyError):
# 404!
raise NotFound()
if 'comment_id' not in request.matchdict:
return contextualize(entity.discussion)
# URLs to specific comments should have those comments as the context
try:
return contextualize(
model.session.query(model.Comment).with_parent(
entity.discussion).filter(model.Comment.id == request.
matchdict['comment_id']).one())
except NoResultFound:
raise NotFound()
def user_permitted(permission, lst):
"""Filter iterable lst to include only ORM objects for which the request's
user holds the given permission."""
f = lambda obj: request.user.can(permission, contextualize(obj))
return filter(f, lst)
def user_permitted(permission, lst):
"""Filter iterable lst to include only ORM objects for which the request's
user holds the given permission."""
f = lambda obj: request.user.can(permission, contextualize(obj))
return filter(f, lst)