mirror of
https://codeberg.org/Mo8it/AdvLabDB.git
synced 2024-12-20 23:41:20 +00:00
Change queryFilter to query_modifier
This commit is contained in:
parent
854abb093b
commit
b2428d29f3
1 changed files with 9 additions and 12 deletions
|
@ -109,17 +109,14 @@ class CustomModelView(ModelView):
|
|||
# Redirect to login page if user doesn't have access
|
||||
return redirect(url_for("security.login", next=request.url))
|
||||
|
||||
def get_query(self):
|
||||
if not hasattr(self, "queryFilter"):
|
||||
return super().get_query()
|
||||
def query_modifier(self, query):
|
||||
return query
|
||||
|
||||
return super().get_query().filter(self.queryFilter())
|
||||
def get_query(self):
|
||||
return self.query_modifier(super().get_query())
|
||||
|
||||
def get_count_query(self):
|
||||
if not hasattr(self, "queryFilter"):
|
||||
return super().get_count_query()
|
||||
|
||||
return super().get_count_query().filter(self.queryFilter())
|
||||
return self.query_modifier(super().get_count_query())
|
||||
|
||||
def handle_view_exception(self, exc):
|
||||
if type(exc) in (ModelViewException, DataBaseException):
|
||||
|
@ -203,7 +200,7 @@ class SecureAssistantModelView(CustomModelView):
|
|||
SECURITY NOTES:
|
||||
- Every variable and method defined below in this class is NOT ALLOWED TO BE (completely) OVERWRITTEN!
|
||||
You can only extend the predefined methods.
|
||||
- The method queryFilter(self) has to be implemented!
|
||||
- The method query_modifier(self, query) has to be implemented!
|
||||
"""
|
||||
|
||||
# Assistants are not allowed to create or delete.
|
||||
|
@ -213,16 +210,16 @@ class SecureAssistantModelView(CustomModelView):
|
|||
def is_accessible(self):
|
||||
return assistantViewIsAccessible()
|
||||
|
||||
def queryFilter(self):
|
||||
def query_modifier(self, query):
|
||||
"""
|
||||
A default filter has to be implemented to restrict assistants read/write access.
|
||||
A default query modifier has to be implemented to restrict assistant's read/write access.
|
||||
See on_model_change!
|
||||
"""
|
||||
raise NotImplementedError()
|
||||
|
||||
def on_model_change(self, form, model, is_created):
|
||||
"""
|
||||
This method uses the filter returned by queryFilter (which has to be implemented!) to prevent assistants
|
||||
This method uses the modified query returned by query_modifier (which has to be implemented!) to prevent assistants
|
||||
from modifying models not listed on their view by sending a POST request with a different id.
|
||||
You can extend this method by implementing a custom on_model_change and then calling super().on_model_change within it.
|
||||
"""
|
||||
|
|
Loading…
Reference in a new issue