def get_collection(self, filter_by_contexts=True): if hasattr(self.model, 'eager_query'): query = self.model.eager_query() else: query = db.session.query(self.model) joinlist = [] if request.args: querybuilder = AttributeQueryBuilder(self.model) filter, joinlist = querybuilder.collection_filters(request.args) if filter is not None: for j in joinlist: query = query.join(j) query = query.filter(filter) if filter_by_contexts: contexts = permissions.read_contexts_for(self.model.__name__) if contexts is not None: query = query.filter(or_( self.model.context_id.in_(contexts), self.model.context_id == None)) for j in joinlist: j_class = j.property.mapper.class_ j_contexts = permissions.read_contexts_for(j_class.__name__) if j_contexts is not None: query = query.filter(or_( j_class.context_id.in_(j_contexts), j_class.context_id == None)) return query.order_by(self.modified_attr.desc())
def get_collection(self, filter_by_contexts=True): if hasattr(self.model, 'eager_query'): query = self.model.eager_query() else: query = db.session.query(self.model) joinlist = [] if request.args: querybuilder = AttributeQueryBuilder(self.model) filter, joinlist = querybuilder.collection_filters(request.args) if filter is not None: for j in joinlist: query = query.join(j) query = query.filter(filter) if filter_by_contexts: contexts = permissions.read_contexts_for(self.model.__name__) if contexts is not None: query = query.filter( or_(self.model.context_id.in_(contexts), self.model.context_id == None)) for j in joinlist: j_class = j.property.mapper.class_ j_contexts = permissions.read_contexts_for(j_class.__name__) if j_contexts is not None: query = query.filter( or_(j_class.context_id.in_(j_contexts), j_class.context_id == None)) return query.order_by(self.modified_attr.desc())
def _get_type_query(self, model_names, permission_type='read', permission_model=None): type_queries = [] for model_name in model_names: type_query = None if permission_type == 'read': contexts = permissions.read_contexts_for(permission_model or model_name) resources = permissions.read_resources_for(permission_model or model_name) elif permission_type == 'create': contexts = permissions.create_contexts_for(permission_model or model_name) resources = permissions.create_resources_for(permission_model or model_name) elif permission_type == 'update': contexts = permissions.update_contexts_for(permission_model or model_name) resources = permissions.update_resources_for(permission_model or model_name) elif permission_type == 'delete': contexts = permissions.delete_contexts_for(permission_model or model_name) resources = permissions.delete_resources_for(permission_model or model_name) if permission_model and contexts: contexts = set(contexts) & set( permissions.read_contexts_for(model_name)) if contexts is not None: # Don't filter out None contexts here if None not in contexts and permission_type == "read": contexts.append(None) if resources: resource_sql = and_(MysqlRecordProperty.type == model_name, MysqlRecordProperty.key.in_(resources)) else: resource_sql = false() type_query = or_( and_( MysqlRecordProperty.type == model_name, context_query_filter(MysqlRecordProperty.context_id, contexts)), resource_sql) type_queries.append(type_query) return and_(MysqlRecordProperty.type.in_(model_names), or_(*type_queries))
def get_collection(self, filter_by_contexts=True): if "__stubs_only" not in request.args and hasattr(self.model, "eager_query"): query = self.model.eager_query() else: query = db.session.query(self.model) joinlist = [] if request.args: querybuilder = AttributeQueryBuilder(self.model) filter, joinlist, options = querybuilder.collection_filters(request.args) if filter is not None: for j in joinlist: query = query.join(j) query = query.filter(filter) if options: query = query.options(*options) if filter_by_contexts: contexts = permissions.read_contexts_for(self.model.__name__) filter_expr = None if contexts is not None and None in contexts: filter_expr = self.model.context_id == None contexts.remove(None) if contexts is not None and len(contexts) > 0: filter_in_expr = self.model.context_id.in_(contexts) if filter_expr is not None: filter_expr = or_(filter_expr, filter_in_expr) else: filter_expr = filter_in_expr elif contexts is not None and not filter_expr: # No context should match. filter_expr = self.model.context_id == -1 if filter_expr is not None: query = query.filter(filter_expr) for j in joinlist: j_class = j.property.mapper.class_ j_contexts = permissions.read_contexts_for(j_class.__name__) if j_contexts is not None: query = query.filter(or_(j_class.context_id.in_(j_contexts), j_class.context_id == None)) query = query.order_by(self.modified_attr.desc()) if "__limit" in request.args: try: limit = int(request.args["__limit"]) query = query.limit(limit) except (TypeError, ValueError): pass return query
def _get_type_query( self, types=None, permission_type='read', permission_model=None): model_names = [model.__name__ for model in all_models] if types is not None: model_names = [m for m in model_names if m in types] type_queries = [] for model_name in model_names: type_query = None if permission_type == 'read': type_permissions = permissions.read_contexts_for( permission_model or model_name) elif permission_type == 'create': type_permissions = permissions.create_contexts_for( permission_model or model_name) elif permission_type == 'update': type_permissions = permissions.update_contexts_for( permission_model or model_name) elif permission_type == 'delete': type_permissions = permissions.delete_contexts_for( permission_model or model_name) if permission_model and type_permissions: type_permissions = set(type_permissions) & set( permissions.read_contexts_for(model_name)) if type_permissions is None: type_query = (MysqlRecordProperty.type == model_name) elif type_permissions: type_query = and_( MysqlRecordProperty.type == model_name, MysqlRecordProperty.context_id.in_(type_permissions)) else: type_query = False type_queries.append(type_query) return and_( MysqlRecordProperty.type.in_(model_names), or_( MysqlRecordProperty.context_id == None, *type_queries))
def get_context_resource(model_name, permission_type='read', permission_model=None): """Get allowed contexts and resources.""" permissions_map = { "create": (pr.create_contexts_for, pr.create_resources_for), "read": (pr.read_contexts_for, pr.read_resources_for), "update": (pr.update_contexts_for, pr.update_resources_for), "delete": (pr.delete_contexts_for, pr.delete_resources_for), } contexts = permissions_map[permission_type][0](permission_model or model_name) resources = permissions_map[permission_type][1](permission_model or model_name) if permission_model and contexts: contexts = set(contexts) & set(pr.read_contexts_for(model_name)) return contexts, resources
def get_context_resource(model_name, permission_type='read', permission_model=None): """Get allowed contexts and resources.""" permissions_map = { "create": (pr.create_contexts_for, pr.create_resources_for), "read": (pr.read_contexts_for, pr.read_resources_for), "update": (pr.update_contexts_for, pr.update_resources_for), "delete": (pr.delete_contexts_for, pr.delete_resources_for), } contexts = permissions_map[permission_type][0]( permission_model or model_name) resources = permissions_map[permission_type][1]( permission_model or model_name) if permission_model and contexts: contexts = set(contexts) & set( pr.read_contexts_for(model_name)) return contexts, resources
def search(self, terms): type_clauses = [] for model in all_models: clause = 'type = "{0}"'.format(model.__name__) type_permissions = permissions.read_contexts_for(model.__name__) if type_permissions is None: # can read in all contexts type_clauses.append('({0})'.format(clause)) elif type_permissions: # can read in limited contexts clause = '{0} and context_id in ({1})'.format( clause, ','.join(['{0}'.format(id) for id in type_permissions])) type_clauses.append('({0})'.format(clause)) else: # else, can't read in any context, don't add a clause for it pass type_clauses_str = ' or '.join(type_clauses) if len(type_clauses) > 1: type_clauses_str = '({0})'.format(type_clauses_str) query = db.session.query(self.record_type).filter( '(match (content) against (:terms)) and {0}'.format(type_clauses_str))\ .params(terms=terms).all() return query
def search(self, terms): type_clauses =[] for model in all_models: clause = 'type = "{0}"'.format(model.__name__) type_permissions = permissions.read_contexts_for(model.__name__) if type_permissions is None: # can read in all contexts type_clauses.append('({0})'.format(clause)) elif type_permissions: # can read in limited contexts clause = '{0} and context_id in ({1})'.format( clause, ','.join(['{0}'.format(id) for id in type_permissions])) type_clauses.append('({0})'.format(clause)) else: # else, can't read in any context, don't add a clause for it pass type_clauses_str = ' or '.join(type_clauses) if len(type_clauses) > 1: type_clauses_str = '({0})'.format(type_clauses_str) query = db.session.query(self.record_type).filter( '(match (content) against (:terms)) and {0}'.format(type_clauses_str))\ .params(terms=terms).all() return query