Merge pull request #17 from postatum/92828042_private_fields
Apply privacy filtering to fields
jstoiko committed Apr 27, 2015
2 parents 371d730 + 126234f commit 86d2ff8
Showing 3 changed files with 69 additions and 1 deletion.
3 changes: 3 additions & 0 deletions nefertari/authentication/models.py
Expand Up @@ -44,6 +44,9 @@ class AuthUser(eng.BaseDocument):

uid = property(lambda self: str(self.id))

def is_admin(self):
return 'admin' in self.groups

def verify_password(self, password):
return crypt.check(self.password, password)

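Review bot: `is_admin` now feeds an access decision (the `apply_privacy` wrapper added in this commit calls `user.is_admin()`), but it has no docstring and relies on `self.groups` being a list-like collection of group names. The field definition is outside this hunk, so this is an assumption: if `groups` can be `None` the `in` test raises `TypeError`, and if it is ever a plain string the test becomes a substring match. A guard such as `return 'admin' in (self.groups or [])` together with a docstring like `"""Return True if the user belongs to the 'admin' group."""` would make the contract explicit.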
15 changes: 15 additions & 0 deletions nefertari/view.py
Expand Up @@ -131,14 +131,29 @@ def get_debug(self, package=None):
return asbool(self.request.registry.settings.get(key))

def setup_default_wrappers(self):
root_resource = getattr(self, 'root_resource', None)
auth_enabled = root_resource and root_resource.auth

self._after_calls['index'] = [
wrappers.wrap_in_dict(self.request),
]
if auth_enabled:
self._after_calls['index'] += [
wrappers.apply_privacy(self.request),
]
self._after_calls['index'] += [
wrappers.add_meta(self.request),
wrappers.add_etag(self.request),
]

self._after_calls['show'] = [
wrappers.wrap_in_dict(self.request),
]
if auth_enabled:
self._after_calls['show'] += [
wrappers.apply_privacy(self.request),
]
self._after_calls['show'] += [
wrappers.add_meta(self.request),
]

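Review bot: `setup_default_wrappers` installs `wrappers.apply_privacy` only when `root_resource.auth` is truthy, so with auth disabled, or when the view has no `root_resource` attribute (the `getattr` default is `None`), the `index` and `show` responses skip the filter entirely and fields listed in `_hidden_fields` are serialized to every caller. If that is intended, a comment such as `# privacy filtering is skipped when auth is off: hidden fields are public in that mode` should say so; otherwise add the wrapper unconditionally, since `apply_privacy` already strips hidden fields for a request without a user. Only the `index` and `show` chains are touched in this hunk and the function continues past it, so whether other actions return documents unfiltered cannot be judged from here.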
52 changes: 51 additions & 1 deletion nefertari/wrappers.py
Expand Up @@ -74,7 +74,6 @@ def __init__(self, request):

def __call__(self, **kwargs):
'''converts objects in `result` into dicts'''

result = kwargs['result']
if isinstance(result, dict):
return result
Expand All @@ -96,6 +95,57 @@ def __call__(self, **kwargs):
return result


class apply_privacy(object):
def __init__(self, request):
self.request = request

def _filter_fields(self, data):
from nefertari.engine import get_document_cls
try:
model_cls = get_document_cls(data['_type'])
except ValueError as ex:
log.error(str(ex))
return data

hidden_fields = set(getattr(model_cls, '_hidden_fields', None) or [])
auth_fields = set(getattr(model_cls, '_auth_fields', None) or [])
fields = set(data.keys())

user = getattr(self.request, 'user', None)
if self.request:
# User authenticated
if user:
if not user.is_admin():
fields -= hidden_fields

# User not authenticated
else:
fields -= auth_fields
fields -= hidden_fields
else:
fields -= hidden_fields

fields.add('_type')
return data.subset(fields)

def __call__(self, **kwargs):
result = kwargs['result']
data = result.get('data', result)
if not data:
return data

if issequence(data) and not isinstance(data, dict):
data = [apply_privacy(self.request)(result=d) for d in data]
else:
data = self._filter_fields(data)

if 'data' in result:
result['data'] = data
else:
result = data
return result


class wrap_in_dict(object):
def __init__(self, request):
self.request = request
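Review bot: `_filter_fields` fails open: when `get_document_cls(data['_type'])` raises `ValueError` the error is logged and `data` is returned with every field, including any the model lists in `_hidden_fields` or `_auth_fields`. Returning only the type marker, e.g. `return data.subset(['_type'])`, or re-raising would keep an unknown `_type` from bypassing the filter. In `__call__`, list items are passed back through `apply_privacy(self.request)(result=d)`, so `result.get('data', result)` is evaluated on each document; a document that has its own `data` field would presumably have that field filtered instead of the document itself, and `data = [self._filter_fields(d) for d in data]` avoids the ambiguity. The early `return data` for empty input also drops the enclosing `result` dict when `data` was taken from `result['data']`; `return result` looks like the intended value.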
