smorest_crud.access_control package¶
Module contents¶
-
class
smorest_crud.access_control.AccessControlQuery(entities, session=None)[source]¶ Bases:
flask_sqlalchemy.BaseQueryBase query class to use for access restriction.
-
query_for_user(user)[source]¶ Access control query for the given user instance.
- Return type
Type[AccessControlQuery]
-
-
class
smorest_crud.access_control.AccessControlUser(*args, **kwds)[source]¶ Bases:
Generic[smorest_crud.access_control.models.T]A model mixin to implement access checks for a given model/user.
Required on all models for views with access checks enabled.
Example:
class PetQuery(AccessControlQuery): def query_for_user(self, user) -> "PetQuery": return self.filter_by(owner=user) class Pet(Model, AccessControlUser): query_class = PetQuery def user_can_read(self, user) -> bool: return self.user_can_write(user) or self.owner.id == user.id def user_can_write(self, user) -> bool: return user.is_admin # only administrators can edit pets
-
classmethod
get_for_user_or_404(user, id_value)[source]¶ Get instance by key if user allowed to read. :type user:
Type[~T] :param user: user instance to check access for :type id_value:Union[str,int] :param id_value: value of the key attribute for filtering- Return type
~T
-
query_class: Type[smorest_crud.access_control.models.AccessControlQuery]¶
-
classmethod
query_for_user(user)[source]¶ Filter list of items for user, or None if disallowed.
- Return type
Optional[AccessControlQuery]
-
classmethod
-
smorest_crud.access_control.get_for_current_user_or_404(model, id_value)[source]¶ Get an object by unique column and check if the current user can read it. :type model:
Type[~T] :param model: date base model of the instance :type id_value:Union[str,int] :param id_value: the id value of the interested instance- Return type
Optional[~T]