def _apply_access_restrictions_to_query(self, query, permission_name, perm):
conditions = []
for policy in self.policies_for_permission(permission_name):
result = policy.access_condition_for_query(query, permission_name, perm)
if result == True:
return QueryResultProxy(query)
elif result == False:
return StaticQuery([])
elif result is None:
continue
condition = result
if isinstance(result, tuple):
condition, query = result
conditions.append(condition)
if len(conditions) == 0:
# if there is no condition which can possibly allow the access,
# we should not return any items
return StaticQuery([])
restricted_query = query.distinct().filter(or_(*conditions))
return QueryResultProxy(restricted_query)
def setUp(self):
self.query = StaticQuery([1, 2, 3, 4, 5])
