mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-11-08 21:21:06 +00:00

Change queryFilter to query_modifier

Mo 2022-05-16 23:32:31 +02:00
parent 854abb093b
commit b2428d29f3


@ -109,17 +109,14 @@ class CustomModelView(ModelView):
# Redirect to login page if user doesn't have access
return redirect(url_for("security.login", next=request.url))
def get_query(self):
if not hasattr(self, "queryFilter"):
return super().get_query()
def query_modifier(self, query):
return query
return super().get_query().filter(self.queryFilter())
def get_query(self):
return self.query_modifier(super().get_query())
def get_count_query(self):
if not hasattr(self, "queryFilter"):
return super().get_count_query()
return super().get_count_query().filter(self.queryFilter())
return self.query_modifier(super().get_count_query())
def handle_view_exception(self, exc):
if type(exc) in (ModelViewException, DataBaseException):
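Review bot: The new base `query_modifier` in CustomModelView returns the query unchanged, so a subclass that still defines `queryFilter` after this rename silently loses its row filter, because `get_query` and `get_count_query` no longer look for the old name. No subclasses are visible on this page, so whether any remain is unknown. A guard at the top of both methods, `if hasattr(self, "queryFilter"): raise NotImplementedError("queryFilter was renamed to query_modifier")`, would make a missed rename fail closed instead of listing every row. SecureAssistantModelView is less exposed, since its `query_modifier` in the third hunk raises until it is overridden. The CustomModelView class body starts and continues outside this hunk.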
@ -203,7 +200,7 @@ class SecureAssistantModelView(CustomModelView):
SECURITY NOTES:
- Every variable and method defined below in this class is NOT ALLOWED TO BE (completely) OVERWRITTEN!
You can only extend the predefined methods.
- The method queryFilter(self) has to be implemented!
- The method query_modifier(self, query) has to be implemented!
"""
# Assistants are not allowed to create or delete.
@ -213,16 +210,16 @@ class SecureAssistantModelView(CustomModelView):
def is_accessible(self):
return assistantViewIsAccessible()
def queryFilter(self):
def query_modifier(self, query):
"""
A default filter has to be implemented to restrict assistants read/write access.
A default query modifier has to be implemented to restrict assistant's read/write access.
See on_model_change!
"""
raise NotImplementedError()
def on_model_change(self, form, model, is_created):
"""
This method uses the filter returned by queryFilter (which has to be implemented!) to prevent assistants
This method uses the modified query returned by query_modifier (which has to be implemented!) to prevent assistants
from modifying models not listed on their view by sending a POST request with a different id.
You can extend this method by implementing a custom on_model_change and then calling super().on_model_change within it.
"""