def get(self):
return [ds.to_json() for ds in datasets.values()
if is_allowed(ds, current_user, op='read')]
def abort_if_unauthorized(obj, user, op):
if not is_allowed(obj, user, op):
abort(403,
message='User not authorized to {} object {}'.format(op, obj.id))
