mirror of
https://codeberg.org/Mo8it/AdvLabDB.git
synced 2024-12-20 23:41:20 +00:00
Change queryFilter to query_modifier
This commit is contained in:
parent
854abb093b
commit
b2428d29f3
1 changed files with 9 additions and 12 deletions
|
@ -109,17 +109,14 @@ class CustomModelView(ModelView):
|
||||||
# Redirect to login page if user doesn't have access
|
# Redirect to login page if user doesn't have access
|
||||||
return redirect(url_for("security.login", next=request.url))
|
return redirect(url_for("security.login", next=request.url))
|
||||||
|
|
||||||
def get_query(self):
|
def query_modifier(self, query):
|
||||||
if not hasattr(self, "queryFilter"):
|
return query
|
||||||
return super().get_query()
|
|
||||||
|
|
||||||
return super().get_query().filter(self.queryFilter())
|
def get_query(self):
|
||||||
|
return self.query_modifier(super().get_query())
|
||||||
|
|
||||||
def get_count_query(self):
|
def get_count_query(self):
|
||||||
if not hasattr(self, "queryFilter"):
|
return self.query_modifier(super().get_count_query())
|
||||||
return super().get_count_query()
|
|
||||||
|
|
||||||
return super().get_count_query().filter(self.queryFilter())
|
|
||||||
|
|
||||||
def handle_view_exception(self, exc):
|
def handle_view_exception(self, exc):
|
||||||
if type(exc) in (ModelViewException, DataBaseException):
|
if type(exc) in (ModelViewException, DataBaseException):
|
||||||
|
@ -203,7 +200,7 @@ class SecureAssistantModelView(CustomModelView):
|
||||||
SECURITY NOTES:
|
SECURITY NOTES:
|
||||||
- Every variable and method defined below in this class is NOT ALLOWED TO BE (completely) OVERWRITTEN!
|
- Every variable and method defined below in this class is NOT ALLOWED TO BE (completely) OVERWRITTEN!
|
||||||
You can only extend the predefined methods.
|
You can only extend the predefined methods.
|
||||||
- The method queryFilter(self) has to be implemented!
|
- The method query_modifier(self, query) has to be implemented!
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# Assistants are not allowed to create or delete.
|
# Assistants are not allowed to create or delete.
|
||||||
|
@ -213,16 +210,16 @@ class SecureAssistantModelView(CustomModelView):
|
||||||
def is_accessible(self):
|
def is_accessible(self):
|
||||||
return assistantViewIsAccessible()
|
return assistantViewIsAccessible()
|
||||||
|
|
||||||
def queryFilter(self):
|
def query_modifier(self, query):
|
||||||
"""
|
"""
|
||||||
A default filter has to be implemented to restrict assistants read/write access.
|
A default query modifier has to be implemented to restrict assistant's read/write access.
|
||||||
See on_model_change!
|
See on_model_change!
|
||||||
"""
|
"""
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
|
|
||||||
def on_model_change(self, form, model, is_created):
|
def on_model_change(self, form, model, is_created):
|
||||||
"""
|
"""
|
||||||
This method uses the filter returned by queryFilter (which has to be implemented!) to prevent assistants
|
This method uses the modified query returned by query_modifier (which has to be implemented!) to prevent assistants
|
||||||
from modifying models not listed on their view by sending a POST request with a different id.
|
from modifying models not listed on their view by sending a POST request with a different id.
|
||||||
You can extend this method by implementing a custom on_model_change and then calling super().on_model_change within it.
|
You can extend this method by implementing a custom on_model_change and then calling super().on_model_change within it.
|
||||||
"""
|
"""
|
||||||
|
|
Loading…
Reference in a new issue