def mongoSearch(self, params): self.requireParams(('type', 'q'), params) allowed = { 'collection': ['_id', 'name', 'description'], 'folder': ['_id', 'name', 'description'], 'item': ['_id', 'name', 'description', 'folderId'], 'user': ['_id', 'firstName', 'lastName', 'login'] } limit, offset, sort = self.getPagingParameters(params, 'name') coll = params['type'] events.trigger('mongo_search.allowed_collections', info=allowed) if coll not in allowed: raise RestException('Invalid resource type: %s' % coll) try: query = bson.json_util.loads(params['q']) except ValueError: raise RestException('The query parameter must be a JSON object.') model = ModelImporter().model(coll) if hasattr(model, 'filterResultsByPermission'): cursor = model.find( query, fields=allowed[coll] + ['public', 'access']) return list(model.filterResultsByPermission( cursor, user=self.getCurrentUser(), level=AccessType.READ, limit=limit, offset=offset, removeKeys=('public', 'access'))) else: return list(model.find(query, fields=allowed[coll], limit=limit, offset=offset))
def mongoSearch(self, params): self.requireParams(('type', 'q'), params) allowed = { 'collection': ['_id', 'name', 'description'], 'folder': ['_id', 'name', 'description'], 'item': ['_id', 'name', 'description', 'folderId'], 'user': ['_id', 'firstName', 'lastName', 'login'] } limit, offset, sort = self.getPagingParameters(params, 'name') coll = params['type'] events.trigger('mongo_search.allowed_collections', info=allowed) if coll not in allowed: raise RestException('Invalid resource type: {}'.format(coll)) try: query = bson.json_util.loads(params['q']) except ValueError: raise RestException('The query parameter must be a JSON object.') model = ModelImporter().model(coll) if hasattr(model, 'filterResultsByPermission'): cursor = model.find( query, fields=allowed[coll] + ['public', 'access'], limit=0) return [r for r in model.filterResultsByPermission( cursor, user=self.getCurrentUser(), level=AccessType.READ, limit=limit, offset=offset, removeKeys=('public', 'access'))] else: return [r for r in model.find(query, fields=allowed[coll], limit=limit, offset=offset)]
def points(self, params): self.requireParams(('q',), params) limit, offset, sort = self.getPagingParameters(params, 'name') latitude = params.get('latitude', 'meta.latitude') longitude = params.get('longitude', 'meta.longitude') spec = { 'type': 'point', 'latitude': latitude, 'longitude': longitude, 'keys': ['meta', 'name', 'description', '_id'], 'flatten': ['meta'] } try: query = bson.json_util.loads(params['q']) except ValueError: # pragma: no cover raise RestException('The query parameter must be a JSON object.') events.trigger('geojson.points', info={ 'spec': spec, 'query': query }) # make sure the lat/lon are whitelisted keys to prevent private # data leaking if spec['latitude'].split('.')[0] not in spec['keys'] or \ spec['longitude'].split('.')[0] not in spec['keys']: raise RestException('Invalid latitude/longitude key.', code=402) coll = features.FeatureCollection(points=spec) item = ModelImporter().model('item') cursor = item.find( query, limit=0 ) cursor = item.filterResultsByPermission( cursor, user=self.getCurrentUser(), level=AccessType.READ, limit=limit, offset=offset ) try: obj = coll(points=cursor) except features.GeoJSONException: raise RestException( 'Could not assemble a geoJSON object from spec.', code=401 ) return obj