def _get_type_query(model, permission_type, filter_ids=None):
    """Build the permission filter applied to queries on ``model``.

    Args:
        model: Model class being queried. Its ``__name__`` is the key used
            for the permission lookup.
        permission_type: "read" and "update" select the matching system-wide
            shortcut; the value is also passed to the permission lookup.
        filter_ids: Only forwarded to
            ``QueryHelper._get_revision_type_query`` for the Revision model.

    Returns:
        None when the user holds the system-wide permission or the lookup
        yields ``contexts`` of None (callers presumably treat None as "no
        restriction" - confirm). Otherwise ``model.id.in_(resources)``, or
        a SQL false clause when ``resources`` is empty.
    """
    # System-wide permission short-circuits the per-object filter entirely.
    if permission_type == "read":
        if permissions.has_system_wide_read():
            return None
    elif permission_type == "update":
        if permissions.has_system_wide_update():
            return None

    model_name = model.__name__
    if model_name == "Revision":
        # A revision carries the full data of the object it describes, so
        # the query API must only return revisions of objects the user is
        # permitted to access; that needs the dedicated revision filter.
        return QueryHelper._get_revision_type_query(
            model, permission_type, filter_ids)

    contexts, resources = permissions.get_context_resource(
        model_name=model_name,
        permission_type=permission_type,
    )
    if contexts is None:
        return None
    if resources:
        return model.id.in_(resources)
    # No permitted resources: a constant-false clause keeps the result empty
    # instead of dropping the filter.
    return sa.sql.false()
def _get_assessments(self, model, object_type, object_id):
    """Load the Assessments similar to the given object.

    Ordering and limit come from ``self._get_order_by_parameter()`` and
    ``self._get_limit_parameters()``.

    Args:
        model: Model providing ``get_similar_objects_query``.
        object_type: Type name of the source object, used for the read check.
        object_id: Id of the source object.

    Returns:
        A ``(assessments, total)`` tuple: the loaded rows (after the limit,
        if any) and the row count taken before the limit is applied.

    Raises:
        Forbidden: The user has no system-wide read and may not read the
            source object.
    """
    similar_ids = model.get_similar_objects_query(object_id, "Assessment")
    ordering = self._get_order_by_parameter()
    page_limit = self._get_limit_parameters()

    if not permissions.has_system_wide_read():
        # First gate: the caller must be able to read the source object.
        if not permissions.is_allowed_read(object_type, object_id, None):
            raise Forbidden()
        # Second gate: keep only Assessments for which the current user has
        # an ACL entry whose role grants read.
        acl = models.all_models.AccessControlList
        acr = models.all_models.AccessControlRole
        readable = db.session.query(acl.object_id).join(acr)
        similar_ids = readable.filter(
            acr.read == 1,
            acl.object_type == "Assessment",
            acl.person_id == get_current_user_id(),
            acl.object_id.in_(similar_ids),
        )

    assessment = models.Assessment
    base_query = assessment.query
    eager_options = [
        orm.Load(assessment).undefer_group("Assessment_complete"),
        orm.Load(assessment).joinedload("audit").undefer_group(
            "Audit_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_definitions",
        ).undefer_group("CustomAttributeDefinitons_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_values",
        ).undefer_group("CustomAttributeValues_complete"),
    ]
    result = base_query.options(*eager_options).filter(
        assessment.id.in_(similar_ids))

    if ordering:
        result = pagination.apply_order_by(
            assessment, result, ordering, assessment)

    # Count before limiting. pagination.get_total_count would return wrong
    # counts here because the query is an eager query.
    total = result.count()
    if page_limit:
        result = pagination.apply_limit(result, page_limit)
    return result.all(), total
def _get_assessments(self, model, object_type, object_id):
    """Load the Assessments similar to the given object.

    Ordering and limit come from ``self._get_order_by_parameter()`` and
    ``self._get_limit_parameters()``.

    Args:
        model: Model providing ``get_similar_objects_query``.
        object_type: Type name of the source object, used for the read check.
        object_id: Id of the source object.

    Returns:
        A ``(assessments, total)`` tuple: the loaded rows (after the limit,
        if any) and the total number of matching rows.

    Raises:
        Forbidden: The user has no system-wide read, may not read the source
            object and does not hold the Creator system-wide role.
    """
    user_role = get_current_user().system_wide_role
    similar_ids = model.get_similar_objects_query(object_id, "Assessment")
    ordering = self._get_order_by_parameter()
    page_limit = self._get_limit_parameters()

    if not permissions.has_system_wide_read():
        denied = not permissions.is_allowed_read(object_type, object_id, None)
        # Creators are let through even without read access to the source
        # object; the ACL filter below still limits the rows returned to
        # Assessments the current user has a read-granting ACL entry for.
        if denied and user_role != SystemWideRoles.CREATOR:
            raise Forbidden()

        acl = models.all_models.AccessControlList
        acr = models.all_models.AccessControlRole
        acp = models.all_models.AccessControlPerson
        readable = db.session.query(acl.object_id).join(acr).join(
            acp, acl.base_id == acp.ac_list_id)
        similar_ids = readable.filter(
            acr.read == 1,
            acl.object_type == "Assessment",
            acp.person_id == get_current_user_id(),
            acl.object_id.in_(similar_ids),
        )

    assessment = models.Assessment
    base_query = assessment.query
    eager_options = [
        orm.Load(assessment).undefer_group("Assessment_complete"),
        orm.Load(assessment).joinedload("audit").undefer_group(
            "Audit_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_definitions",
        ).undefer_group("CustomAttributeDefinitons_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_values",
        ).undefer_group("CustomAttributeValues_complete"),
    ]
    result = base_query.options(*eager_options).filter(
        assessment.id.in_(similar_ids))

    if ordering:
        result = pagination.apply_order_by(
            assessment, result, ordering, assessment)

    # pagination.get_total_count would return wrong counts here because the
    # query is an eager query, so the total is computed by hand.
    if not page_limit:
        rows = result.all()
        return rows, len(rows)

    rows = pagination.apply_limit(result, page_limit).all()
    return rows, result.count()
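def _get_assessments(self, model, object_type, object_id):
    """Build the query for the Assessments similar to the given object.

    Ordering and limit come from ``self._get_order_by_parameter()`` and
    ``self._get_limit_parameters()``.

    Args:
        model: Model providing ``get_similar_objects_query``.
        object_type: Type name of the source object, used for the read check.
        object_id: Id of the source object.

    Returns:
        A ``(query, total)`` tuple. With a limit, both values come from
        ``pagination.apply_limit``; without one, ``total`` is
        ``query.count()``.

    Raises:
        Forbidden: The user has no system-wide read and may not read the
            source object.
    """
    ids_query = model.get_similar_objects_query(object_id, "Assessment")
    order_by = self._get_order_by_parameter()
    limit = self._get_limit_parameters()

    if not permissions.has_system_wide_read():
        # Arguments are (resource type, resource id, context id). Passing
        # the id where the type is expected makes the read check evaluate
        # the wrong resource.
        if not permissions.is_allowed_read(object_type, object_id, None):
            raise Forbidden()
        acl = models.all_models.AccessControlList
        acr = models.all_models.AccessControlRole
        # NOTE(review): this subquery is not restricted to the current user,
        # so it selects every similar Assessment that has any ACL entry with
        # a read-granting role. If results must be limited to what the
        # caller may read, add a predicate on the ACL's person column for
        # the current user - confirm against the ACL schema in use.
        ids_query = db.session.query(acl.object_id).join(acr).filter(
            acr.read.is_(True),
            acl.object_type == "Assessment",
            acl.object_id.in_(ids_query),
        )

    assessment = models.Assessment
    query = assessment.query.options(
        orm.Load(assessment).undefer_group("Assessment_complete"),
        orm.Load(assessment).joinedload("audit").undefer_group(
            "Audit_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_definitions",
        ).undefer_group("CustomAttributeDefinitons_complete"),
        orm.Load(assessment).joinedload(
            "custom_attribute_values",
        ).undefer_group("CustomAttributeValues_complete"),
    ).filter(assessment.id.in_(ids_query))

    if order_by:
        query = pagination.apply_order_by(
            assessment, query, order_by, assessment)

    if limit:
        query, total = pagination.apply_limit(query, limit)
    else:
        total = query.count()
    return query, total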
def _get_type_query(model, permission_type):
    """Build the permission filter applied to queries on ``model``.

    Args:
        model: Model class being queried. Its ``__name__`` is the key used
            for the permission lookup.
        permission_type: "read" and "update" select the matching system-wide
            shortcut; the value is also passed to the permission lookup.

    Returns:
        None when the user holds the system-wide permission or the lookup
        yields ``contexts`` of None (callers presumably treat None as "no
        restriction" - confirm). Otherwise ``model.id.in_(resources)``, or
        a SQL false clause when ``resources`` is empty.
    """
    # System-wide permission short-circuits the per-object filter entirely.
    if permission_type == "read":
        if permissions.has_system_wide_read():
            return None
    elif permission_type == "update":
        if permissions.has_system_wide_update():
            return None

    # NOTE(review): every model, Revision included, takes the generic path
    # here. If Revision rows carry the content of the objects they describe,
    # filtering them by Revision permissions alone may expose data of
    # objects the user cannot read - confirm whether a Revision-specific
    # filter is needed.
    contexts, resources = permissions.get_context_resource(
        model_name=model.__name__,
        permission_type=permission_type,
    )
    if contexts is None:
        return None
    if resources:
        return model.id.in_(resources)
    # No permitted resources: a constant-false clause keeps the result empty
    # instead of dropping the filter.
    return sa.sql.false()
def _get_type_query(model, permission_type):
    """Build the permission filter applied to queries on ``model``.

    Args:
        model: Model class being queried. Its ``__name__`` is the key used
            for the permission lookup.
        permission_type: "read" and "update" select the matching system-wide
            shortcut; the value is also passed to the permission lookup.

    Returns:
        None when the user holds the system-wide permission or the lookup
        yields ``contexts`` of None (callers presumably treat None as "no
        restriction" - confirm). For Revision, whatever
        ``QueryHelper._get_revision_type_query`` returns. Otherwise
        ``model.id.in_(resources)``, or a SQL false clause when
        ``resources`` is empty.
    """
    # System-wide permission short-circuits the per-object filter entirely.
    if permission_type == "read":
        if permissions.has_system_wide_read():
            return None
    elif permission_type == "update":
        if permissions.has_system_wide_update():
            return None

    model_name = model.__name__
    if model_name == "Revision":
        # A revision carries the full data of the object it describes, so
        # the query API must only return revisions of objects the user is
        # permitted to access; that needs the dedicated revision filter.
        return QueryHelper._get_revision_type_query(model, permission_type)

    contexts, resources = permissions.get_context_resource(
        model_name=model_name,
        permission_type=permission_type,
    )
    if contexts is None:
        return None
    if resources:
        return model.id.in_(resources)
    # No permitted resources: a constant-false clause keeps the result empty
    # instead of dropping the filter.
    return sa.sql.false()