def get_objects(self, **kwargs):
    """Build the address list query, scoped to one customer for ordinary callers.

    Anonymous and non-superuser callers always have ``customer_id`` forced to
    the id of ``self._customer``, overriding any value passed in ``kwargs``.
    Superusers get the query with the filters exactly as supplied.
    """
    unrestricted = not current_user.is_anonymous() and current_user.is_superuser()
    if not unrestricted:
        # Tenant scoping: the caller cannot widen the listing to another customer.
        kwargs['customer_id'] = self._customer.id
    parent = super(AddressResource, self)
    return parent.get_objects(**kwargs)
def serialize(self, instance, include=None):
    """Serialize ``instance``, hiding the e-mail address from other users.

    The ``email`` field is excluded by default. It is included only when
    neither the viewer nor the instance is anonymous and the viewer is either
    the same user (matching ids) or a superuser.
    """
    # Fail-closed default: the address stays hidden unless access is established.
    hidden = ['email']
    if current_user.is_anonymous() or instance.is_anonymous():
        return instance.as_dict(include, hidden)
    if current_user.id == instance.id or current_user.is_superuser():
        hidden = []
    return instance.as_dict(include, hidden)
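def serialize(self, instance, include=None):
    """Serialize ``instance``, hiding the e-mail address from other users.

    The ``email`` field is included only when neither the viewer nor the
    instance is anonymous and the viewer is either the same user (matching
    ids) or a superuser. Every other viewer gets the record without it.

    :param instance: user object providing ``is_anonymous()``, ``id`` and
        ``as_dict(include, exclude)``
    :param include: passed through to ``as_dict`` unchanged
    :returns: whatever ``instance.as_dict`` returns
    """
    # Fail closed: start from "hidden" so that anonymous viewers, and any
    # case not explicitly allowed below, never receive the address.
    exclude = ['email']
    both_known = not (current_user.is_anonymous() or instance.is_anonymous())
    if both_known:
        # Owner OR superuser may see the address. Appending the exclusion on
        # "id differs or not superuser" would hide it from a non-superuser
        # owner and from a superuser viewing someone else.
        if current_user.id == instance.id or current_user.is_superuser():
            exclude = []
    return instance.as_dict(include, exclude)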
def get_objects(self, **kwargs):
    """Build the bank account list query, scoped to the calling user.

    A ``user_id`` query-string argument is copied into the filters, but it is
    honoured only for superusers: for every other caller it is overwritten
    with the caller's own id, so the parameter cannot be used to list another
    user's accounts.
    """
    query_args = request.args
    if 'user_id' in query_args:
        kwargs['user_id'] = query_args['user_id']
    # NOTE(review): is_superuser() and .id are read without an anonymous check;
    # presumably the route requires login — confirm against the caller.
    if not current_user.is_superuser():
        kwargs['user_id'] = current_user.id
    parent = super(BankAccountResource, self)
    return parent.get_objects(**kwargs)
def get_objects(self, **kwargs):
    """Build the list query for ``self.model``, scoped to the calling user.

    Aborts with ``http.BAD_REQUEST`` when no model is configured. A
    ``user_id`` query-string argument is applied as a filter, but for callers
    who are not superusers it is replaced by the caller's own id.
    """
    if self.model is None:
        abort(http.BAD_REQUEST)
    query_args = request.args
    if "user_id" in query_args:
        kwargs["user_id"] = query_args["user_id"]
    # Ownership scoping: a non-superuser can never select another user's rows.
    if not current_user.is_superuser():
        kwargs["user_id"] = current_user.id
    query = self.model.query
    return query.filter_by(**kwargs)
def get_objects(self, **kwargs):
    """Build the list query for ``self.model``, scoped to one customer.

    Anonymous callers are limited to the customer id stored in the session,
    authenticated non-superusers to their own customer; superusers are not
    restricted. Aborts with ``http.BAD_REQUEST`` when no model is configured.
    """
    if current_user.is_anonymous():
        # Indexing (not .get) means a session without 'customer_id' raises
        # KeyError here, before the model check below.
        kwargs['customer_id'] = session['customer_id']
    else:
        if not current_user.is_superuser():
            kwargs['customer_id'] = current_user.customer.id
    # TODO: process product owners
    if self.model is None:
        abort(http.BAD_REQUEST)
    query = self.model.query
    return query.filter_by(**kwargs)
def wrapper(value):
    """Validate a list of role ids and resolve them to ``Role`` rows.

    The input must be a list of integers, and the number of matching ``Role``
    rows must equal the number of ids supplied; otherwise a ``t.DataError``
    is returned. Only a superuser gets the requested roles back. Any other
    caller gets the roles of ``self.get_object(id)``, so the submitted ids
    are ignored for them.
    """
    # NOTE(review): `self` and `id` are not defined in this function;
    # presumably they are closed over from the enclosing method — confirm.
    role_ids = t.List(t.Int).check(value)
    found = Role.query.filter(Role.id.in_(role_ids)).all()
    if len(role_ids) != len(found):
        return t.DataError(_("Roles are invalid"))
    if not current_user.is_superuser():
        # Privilege guard: non-superusers keep the existing role set.
        return self.get_object(id).roles
    return found
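def get_object(self, id):
    """Resolve the user this request operates on (overrides the base flow).

    Three paths:

    * The JSON body carries a ``token``: the e-mail confirmation token is
      checked, the matching user is confirmed, saved and logged in. ``id``
      is not consulted on this path.
    * The caller is a superuser: the user with primary key ``id`` is loaded,
      or the request ends with 404.
    * Otherwise the caller can only ever address their own record.

    Aborts with ``http.BAD_REQUEST`` when the token is expired, invalid or
    matches no user, and with ``http.NOT_FOUND`` when no instance results.
    """
    payload = request.json
    if payload and 'token' in payload:
        expired, invalid, instance = confirm_email_token_status(payload['token'])
        # The status flags must gate the login: without this check an expired
        # token would still confirm the account and open a session, and an
        # unmatched token would reach confirm_user() with no user.
        if expired or invalid or instance is None:
            abort(http.BAD_REQUEST)
        confirm_user(instance)
        instance.save()
        # NOTE(review): the second positional argument is presumably the
        # "remember" flag, which makes this a persistent login — confirm.
        login_user(instance, True)
    elif current_user.is_superuser():
        instance = User.query.get_or_404(id)
    else:
        # Non-superusers are pinned to their own record whatever `id` says.
        instance = current_user

    if instance is None:
        abort(http.NOT_FOUND)
    return instance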
def get_objects(self, **kwargs):
    """Build the customer list query, limited to one record for ordinary callers.

    Anonymous and non-superuser callers always have ``id`` forced to the id
    of ``self._customer``, overriding any value passed in ``kwargs``.
    Superusers get the query with the filters exactly as supplied.
    """
    restricted = current_user.is_anonymous() or not current_user.is_superuser()
    if restricted:
        # Only the caller's own customer record may be listed.
        kwargs['id'] = self._customer.id
    parent = super(CustomerResource, self)
    return parent.get_objects(**kwargs)
def get_object(self, id):
    """Load one bank account and enforce ownership before returning it.

    The record is fetched through the parent resource first. It is returned
    only if ``instance.check_owner(current_user)`` is truthy or the caller is
    a superuser; otherwise the request is aborted with ``http.UNAUTHORIZED``.
    """
    account = super(BankAccountResource, self).get_object(id)
    permitted = account.check_owner(current_user) or current_user.is_superuser()
    if not permitted:
        # NOTE(review): 401 normally signals missing authentication; for an
        # authenticated non-owner a 403 or 404 is the usual reply — confirm intent.
        return abort(http.UNAUTHORIZED)
    return account
def get_objects(self, **kwargs):
    """Build the customer list query, limited to one record for ordinary callers.

    Anonymous callers are limited to the customer id stored in the session;
    a missing or falsy value aborts with ``http.NOT_FOUND``. Authenticated
    non-superusers are limited to their own customer. Superusers are not
    restricted.
    """
    if current_user.is_anonymous():
        # No session-bound customer means there is nothing this caller may see.
        customer_id = session.get("customer_id") or abort(http.NOT_FOUND)
        kwargs["id"] = customer_id
    else:
        if not current_user.is_superuser():
            kwargs["id"] = current_user.customer.id
    parent = super(CustomerResource, self)
    return parent.get_objects(**kwargs)