def get_permissions_query(self,
model_names,
permission_type='read',
permission_model=None):
"""Prepare the query based on the allowed contexts and resources for
each of the required objects(models).
"""
type_queries = []
for model_name in model_names:
contexts, resources = query_helpers.get_context_resource(
model_name=model_name,
permission_type=permission_type,
permission_model=permission_model)
if contexts is not None:
if resources:
resource_sql = and_(MysqlRecordProperty.type == model_name,
MysqlRecordProperty.key.in_(resources))
else:
resource_sql = false()
type_query = or_(
and_(
MysqlRecordProperty.type == model_name,
context_query_filter(MysqlRecordProperty.context_id,
contexts)), resource_sql)
type_queries.append(type_query)
return and_(MysqlRecordProperty.type.in_(model_names),
or_(*type_queries))
def get_permissions_query(model_names, permission_type='read',
permission_model=None):
"""Prepare the query based on the allowed contexts and resources for
each of the required objects(models).
"""
type_queries = []
for model_name in model_names:
contexts, resources = permissions.get_context_resource(
model_name=model_name,
permission_type=permission_type,
permission_model=permission_model
)
statement = and_(
MysqlRecordProperty.type == model_name,
context_query_filter(MysqlRecordProperty.context_id, contexts)
)
if resources:
statement = or_(and_(MysqlRecordProperty.type == model_name,
MysqlRecordProperty.key.in_(resources)),
statement)
type_queries.append(statement)
return and_(
MysqlRecordProperty.type.in_(model_names),
or_(*type_queries))
def get_permissions_query(model_names, permission_type='read',
permission_model=None):
"""Prepare the query based on the allowed contexts and resources for
each of the required objects(models).
"""
type_queries = []
for model_name in model_names:
contexts, resources = query_helpers.get_context_resource(
model_name=model_name,
permission_type=permission_type,
permission_model=permission_model
)
if contexts is not None:
if resources:
resource_sql = and_(
MysqlRecordProperty.type == model_name,
MysqlRecordProperty.key.in_(resources))
else:
resource_sql = false()
type_query = or_(
and_(
MysqlRecordProperty.type == model_name,
context_query_filter(MysqlRecordProperty.context_id, contexts)
),
resource_sql)
type_queries.append(type_query)
return and_(
MysqlRecordProperty.type.in_(model_names),
or_(*type_queries))
def get_permissions_query(model_names, permission_type='read'):
"""Prepare the query based on the allowed contexts and resources for
each of the required objects(models).
"""
if not model_names:
# If there are no model names set, the result of the permissions query
# will always be false, so we can just return false instead of having an
# empty in statement combined with an empty list joined by or statement.
return sa.false()
type_queries = []
for model_name in model_names:
contexts, resources = permissions.get_context_resource(
model_name=model_name,
permission_type=permission_type,
)
statement = sa.and_(
MysqlRecordProperty.type == model_name,
context_query_filter(MysqlRecordProperty.context_id, contexts))
if resources:
statement = sa.or_(
sa.and_(MysqlRecordProperty.type == model_name,
MysqlRecordProperty.key.in_(resources)), statement)
type_queries.append(statement)
return sa.and_(MysqlRecordProperty.type.in_(model_names),
sa.or_(*type_queries))
def get_permissions_query(model_names, permission_type='read'):
"""Prepare the query based on the allowed contexts and resources for
each of the required objects(models).
"""
if not model_names:
# If there are no model names set, the result of the permissions query
# will always be false, so we can just return false instead of having an
# empty in statement combined with an empty list joined by or statement.
return sa.false()
type_queries = []
for model_name in model_names:
contexts, resources = permissions.get_context_resource(
model_name=model_name,
permission_type=permission_type,
)
statement = sa.and_(
MysqlRecordProperty.type == model_name,
context_query_filter(MysqlRecordProperty.context_id, contexts)
)
if resources:
statement = sa.or_(sa.and_(MysqlRecordProperty.type == model_name,
MysqlRecordProperty.key.in_(resources)),
statement)
type_queries.append(statement)
return sa.and_(
MysqlRecordProperty.type.in_(model_names),
sa.or_(*type_queries)
)
def _get_type_query(self,
model_names,
permission_type='read',
permission_model=None):
type_queries = []
for model_name in model_names:
type_query = None
if permission_type == 'read':
contexts = permissions.read_contexts_for(permission_model
or model_name)
resources = permissions.read_resources_for(permission_model
or model_name)
elif permission_type == 'create':
contexts = permissions.create_contexts_for(permission_model
or model_name)
resources = permissions.create_resources_for(permission_model
or model_name)
elif permission_type == 'update':
contexts = permissions.update_contexts_for(permission_model
or model_name)
resources = permissions.update_resources_for(permission_model
or model_name)
elif permission_type == 'delete':
contexts = permissions.delete_contexts_for(permission_model
or model_name)
resources = permissions.delete_resources_for(permission_model
or model_name)
if permission_model and contexts:
contexts = set(contexts) & set(
permissions.read_contexts_for(model_name))
if contexts is not None:
# Don't filter out None contexts here
if None not in contexts and permission_type == "read":
contexts.append(None)
if resources:
resource_sql = and_(MysqlRecordProperty.type == model_name,
MysqlRecordProperty.key.in_(resources))
else:
resource_sql = false()
type_query = or_(
and_(
MysqlRecordProperty.type == model_name,
context_query_filter(MysqlRecordProperty.context_id,
contexts)), resource_sql)
type_queries.append(type_query)
return and_(MysqlRecordProperty.type.in_(model_names),
or_(*type_queries))
def _get_type_query(model, permission_type):
"""Filter by contexts and resources
Prepare query to filter models based on the available contexts and
resources for the given type of object.
"""
contexts, resources = query_helpers.get_context_resource(
model_name=model.__name__, permission_type=permission_type)
if contexts is not None:
if resources:
resource_sql = model.id.in_(resources)
else:
resource_sql = sa.sql.false()
return sa.or_(context_query_filter(model.context_id, contexts),
resource_sql)
def _get_type_query(model, permission_type):
"""Filter by contexts and resources
Prepare query to filter models based on the available contexts and
resources for the given type of object.
"""
contexts, resources = permissions.get_context_resource(
model_name=model.__name__, permission_type=permission_type
)
if contexts is not None:
if resources:
resource_sql = model.id.in_(resources)
else:
resource_sql = sa.sql.false()
return sa.or_(
context_query_filter(model.context_id, contexts),
resource_sql)
def _get_type_query(model, permission_type):
"""Filter by contexts and resources
Prepare query to filter models based on the available contexts and
resources for the given type of object.
"""
if permission_type == "read" and permissions.has_system_wide_read():
return None
if permission_type == "update" and permissions.has_system_wide_update():
return None
contexts, resources = permissions.get_context_resource(
model_name=model.__name__, permission_type=permission_type
)
if contexts is not None:
return sa.or_(context_query_filter(model.context_id, contexts),
model.id.in_(resources) if resources else sa.sql.false())
return sa.sql.true()
def _get_type_query(model, permission_type):
"""Filter by contexts and resources
Prepare query to filter models based on the available contexts and
resources for the given type of object.
"""
if permission_type == "read" and permissions.has_system_wide_read():
return None
if permission_type == "update" and permissions.has_system_wide_update(
):
return None
contexts, resources = permissions.get_context_resource(
model_name=model.__name__, permission_type=permission_type)
if contexts is not None:
return sa.or_(
context_query_filter(model.context_id, contexts),
model.id.in_(resources) if resources else sa.sql.false())
return sa.sql.true()
