def deserialize(self, node, cstruct): """ Deserialize should get a list of id's from the request, it should try to fetch all the objects to ensure they exist, then return a list of objects. :param node: :class:`colander.SchemaNode` :param cstruct: Unvalidated list of id's :return: List of model objects """ # deserialize the list, so we don't have to validate that ourselves raw_ids = self.list_field.deserialize(node, cstruct) # list field.deserialize did not return a valid list if raw_ids == colander.null: return colander.null # list of id's should never contains a null item if None in raw_ids: raise colander.Invalid(node, "list of id's should not contain a null value") # loop and fetch each object, maybe we can do this in one query? ids = [self.field.deserialize(node, obj_id) for obj_id in raw_ids] # sqlalchemy generates a warning when using in_ with an empty lists if len(ids) > 0: # this will fetch all the objects in the m2m using a single query obj_list = list(DBSession.query(self.model).filter(self.model.id.in_(ids))) # not all the records in the m2m list exist actual_ids = {obj.id for obj in obj_list} missing = list(set(ids) - actual_ids) if missing: raise colander.Invalid(node, "{} objects with id {} do not exist".format(self.model.__name__, missing)) return obj_list else: return []
def deserialize(self, node, cstruct): """ Deserialize takes input data from the request, validates it, and returns the deserialized value for this field, which in this case is the fetched model instance of the foreign key field. :param node: :class:`colander.SchemaNode` :param cstruct: Unvalidated object id :return: Model instance """ value = self.field.deserialize(node, cstruct) # FIXME: we should possibly check if the self.pk is actually nullable # otherwise we might want to raise an Invalid exception here if value is colander.null: return None fk_obj = DBSession.query(self.model).get(value) # record was not found in db if fk_obj is None: raise colander.Invalid(node, '{} with id {} does not exist'.format(self.model.__name__, cstruct)) return fk_obj
def list_by_group(self): """ Returns a list of tuples (Permission, Group), only returns rows where permissions are used by a group. """ return DBSession.query(Permission, Group).join(Group.permissions)
def get_permissions(self): """ Returns a list of Permissions for this user based on their Groups. """ group_ids = [group.id for group in self.groups] return DBSession.query(Permission).join(Group.permissions).filter(Group.id.in_(group_ids))