def get(self): return [ds.to_json() for ds in datasets.values() if is_allowed(ds, current_user, op='read')]
def abort_if_unauthorized(obj, user, op): if not is_allowed(obj, user, op): abort(403, message='User not authorized to {} object {}'.format(op, obj.id))