mo8it/AdvLabDB
1
0
Fork 0
mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-11-08 21:21:06 +00:00
Code Releases Activity

Change queryFilter to query_modifier

Browse source
This commit is contained in:
Mo 2022-05-16 23:32:31 +02:00
parent 854abb093b
commit b2428d29f3
1 changed files with 9 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
advlabdb/customClasses.py
View file

@ -109,17 +109,14 @@ class CustomModelView(ModelView):
# Redirect to login page if user doesn't have access # Redirect to login page if user doesn't have access
return redirect(url_for("security.login", next=request.url)) return redirect(url_for("security.login", next=request.url))
def get_query(self): def query_modifier(self, query):
if not hasattr(self, "queryFilter"): return query
return super().get_query()
return super().get_query().filter(self.queryFilter()) def get_query(self):
return self.query_modifier(super().get_query())
def get_count_query(self): def get_count_query(self):
if not hasattr(self, "queryFilter"): return self.query_modifier(super().get_count_query())
return super().get_count_query()
return super().get_count_query().filter(self.queryFilter())
def handle_view_exception(self, exc): def handle_view_exception(self, exc):
if type(exc) in (ModelViewException, DataBaseException): if type(exc) in (ModelViewException, DataBaseException):
@ -203,7 +200,7 @@ class SecureAssistantModelView(CustomModelView):
SECURITY NOTES: SECURITY NOTES:
- Every variable and method defined below in this class is NOT ALLOWED TO BE (completely) OVERWRITTEN! - Every variable and method defined below in this class is NOT ALLOWED TO BE (completely) OVERWRITTEN!
You can only extend the predefined methods. You can only extend the predefined methods.
- The method queryFilter(self) has to be implemented! - The method query_modifier(self, query) has to be implemented!
""" """
# Assistants are not allowed to create or delete. # Assistants are not allowed to create or delete.
@ -213,16 +210,16 @@ class SecureAssistantModelView(CustomModelView):
def is_accessible(self): def is_accessible(self):
return assistantViewIsAccessible() return assistantViewIsAccessible()
def queryFilter(self): def query_modifier(self, query):
""" """
A default filter has to be implemented to restrict assistants read/write access. A default query modifier has to be implemented to restrict assistant's read/write access.
See on_model_change! See on_model_change!
""" """
raise NotImplementedError() raise NotImplementedError()
def on_model_change(self, form, model, is_created): def on_model_change(self, form, model, is_created):
""" """
This method uses the filter returned by queryFilter (which has to be implemented!) to prevent assistants This method uses the modified query returned by query_modifier (which has to be implemented!) to prevent assistants
from modifying models not listed on their view by sending a POST request with a different id. from modifying models not listed on their view by sending a POST request with a different id.
You can extend this method by implementing a custom on_model_change and then calling super().on_model_change within it. You can extend this method by implementing a custom on_model_change and then calling super().on_model_change within it.
""" """