Skip to content
This repository has been archived by the owner on Sep 28, 2022. It is now read-only.

Commit

Permalink
Merge pull request #76 from postatum/102163628_relationships_acl_filt…
Browse files Browse the repository at this point in the history 
…ering

Apply ACL filtering of ES documents' relationships
  • Loading branch information
@jstoiko
jstoiko committed Sep 12, 2015
2 parents 7b37b1d + 5b90836 commit 4b8c639
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 7 deletions.
24 changes: 20 additions & 4 deletions ramses/acl.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,12 +180,28 @@ def item_acl(self, item):
db is used.
"""
if self.es_based:
from nefertari_guards import engine as guards_engine
acl = getattr(item, '_acl', ())
return guards_engine.ACLField.objectify_acl([
ace._data for ace in acl])
from nefertari_guards.elasticsearch import get_es_item_acl
return get_es_item_acl(item)
return item.get_acl()

def getitem_es(self, key):
""" Override to support ACL filtering.
To do so: passes `self.request` to `get_resource` and uses
`ACLFilterES`.
"""
from nefertari_guards.elasticsearch import ACLFilterES
es = ACLFilterES(self.item_model.__name__)
params = {
'id': key,
'request': self.request,
}
obj = es.get_resource(**params)
obj.__acl__ = self.item_acl(obj)
obj.__parent__ = self
obj.__name__ = key
return obj


def generate_acl(config, model_cls, raml_resource, es_based=True):
""" Generate an ACL.
Expand Down
5 changes: 2 additions & 3 deletions tests/test_acl.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,6 @@ def test_correct_security_scheme(self, mock_parse):
assert not instance.es_based

def test_database_acls_option(self, mock_parse):
from ramses.acl import DatabaseACLMixin
raml_resource = Mock(security_schemes=[
Mock(type='x-ACL', settings={'collection': 4, 'item': 7})
])
Expand All @@ -141,10 +140,10 @@ def test_database_acls_option(self, mock_parse):
config = config_mock()
config.registry.database_acls = False
acl_cls = acl.generate_acl(config, **kwargs)
assert not issubclass(acl_cls, DatabaseACLMixin)
assert not issubclass(acl_cls, acl.DatabaseACLMixin)
config.registry.database_acls = True
acl_cls = acl.generate_acl(config, **kwargs)
assert issubclass(acl_cls, DatabaseACLMixin)
assert issubclass(acl_cls, acl.DatabaseACLMixin)


class TestBaseACL(object):
Expand Down

0 comments on commit 4b8c639

Please sign in to comment.