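def get_candidate_if_owned_by(obj_id, user_or_token, options=None):
    """Return the Obj behind a candidate that the requester may access.

    Access is granted when at least one Candidate row for ``obj_id`` was
    produced by a Filter whose ``group_id`` is among the ids of
    ``user_or_token.groups``.

    Args:
        obj_id: Identifier matched against ``Candidate.obj_id``.
        user_or_token: Requesting principal; only its ``groups`` attribute
            (objects carrying an ``id``) is read here.
        options: Optional query options forwarded to ``Query.options``.
            ``None`` (the default) forwards an empty list, which is what the
            previous ``options=[]`` default did without sharing one list
            object across calls.

    Returns:
        ``None`` when no Candidate row exists for ``obj_id``; otherwise the
        ``obj`` attribute of the first accessible Candidate row.

    Raises:
        AccessError: Candidate rows exist for ``obj_id`` but none of them
            belongs to a filter in one of the requester's groups.
    """
    query_options = [] if options is None else options

    # Existence is checked without any group restriction, so "no such
    # candidate" (None) and "candidate exists but is not yours"
    # (AccessError) are reported differently.
    # NOTE(review): callers that must not reveal whether an object exists to
    # principals outside its groups should map both outcomes to the same
    # response; confirm how the handlers treat the None return.
    if Candidate.query.filter(Candidate.obj_id == obj_id).first() is None:
        return None

    user_group_ids = [group.id for group in user_or_token.groups]

    # Filters visible to the requester: those owned by one of their groups.
    accessible_filter_ids = DBSession.query(Filter.id).filter(
        Filter.group_id.in_(user_group_ids)
    )
    candidate = (
        Candidate.query.filter(Candidate.obj_id == obj_id)
        .filter(Candidate.filter_id.in_(accessible_filter_ids))
        .options(query_options)
        .first()
    )
    if candidate is None:
        # Fail closed: the candidate exists but no row matches the
        # requester's groups.
        raise AccessError("Insufficient permissions.")
    return candidate.obj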
def source_is_owned_by(self, user_or_token):
    """Report whether the requester shares a group with this object's sources.

    Collects the ``group_id`` of every Source row whose ``obj_id`` equals
    ``self.obj_id`` and compares them with the ids of
    ``user_or_token.groups``.

    Args:
        user_or_token: Requesting principal; only its ``groups`` attribute
            (objects carrying an ``id``) is read here.

    Returns:
        ``True`` when at least one group id appears on both sides, ``False``
        otherwise. With no Source rows or no requester groups the result is
        ``False``, so access is denied by default.
    """
    # The query selects a single column, so each row is a 1-tuple.
    rows = (
        DBSession.query(Source.group_id)
        .filter(Source.obj_id == self.obj_id)
        .all()
    )
    owning_group_ids = {row[0] for row in rows}
    requester_group_ids = {group.id for group in user_or_token.groups}
    return not owning_group_ids.isdisjoint(requester_group_ids)