Mercurial > libervia-pubsub
diff sat_pubsub/pgsql_storage.py @ 252:25a1dc7181cc
full items, with item-configuration, are returned if items are asked by the owner
author | Goffi <goffi@goffi.org> |
---|---|
date | Thu, 01 Nov 2012 19:28:43 +0100 |
parents | eb14b8d30cba |
children | d55620ceafed |
line wrap: on
line diff
--- a/sat_pubsub/pgsql_storage.py Tue Oct 23 00:09:38 2012 +0200 +++ b/sat_pubsub/pgsql_storage.py Thu Nov 01 19:28:43 2012 +0100 @@ -571,14 +571,20 @@ def getItems(self, authorized_groups, unrestricted, maxItems=None): + """ Get all authorised items + @param authorized_groups: we want to get items that these groups can access + @param unrestricted: if true, don't check permissions (i.e.: get all items) + @param maxItems: nb of items we want to tget + @return: list of (item, access_model, access_model) if unrestricted is True, else list of items + """ return self.dbpool.runInteraction(self._getItems, authorized_groups, unrestricted, maxItems) def _getItems(self, cursor, authorized_groups, unrestricted, maxItems): self._checkNodeExists(cursor) if unrestricted: - query = ["""SELECT data FROM nodes - INNER JOIN items USING (node_id) + query = ["""SELECT data,items.access_model,item_id FROM nodes + INNER JOIN items USING (node_id) WHERE node=%s ORDER BY date DESC"""] args = [self.nodeIdentifier] else: @@ -601,28 +607,75 @@ cursor.execute(' '.join(query), args) result = cursor.fetchall() + if unrestricted: + ret = [] + for data in result: + item = stripNamespace(parseXml(data[0])) + access_model = data[1] + item_id = data[2] + if access_model == 'roster': #TODO: jid access_model + cursor.execute('SELECT groupname FROM item_groups_authorized WHERE item_id=%s', (item_id,)) + access_list = [r[0] for r in cursor.fetchall()] + else: + access_list = None + + ret.append((item, access_model, access_list)) + return ret items = [stripNamespace(parseXml(r[0])) for r in result] return items def getItemsById(self, authorized_groups, unrestricted, itemIdentifiers): - return self.dbpool.runInteraction(self._getItemsById, itemIdentifiers) + """ Get items which are in the given list + @param authorized_groups: we want to get items that these groups can access + @param unrestricted: if true, don't check permissions + @param itemIdentifiers: list of ids of the items we want to get + @return: list of (item, access_model, access_model) if unrestricted is True, else list of items + """ + return self.dbpool.runInteraction(self._getItemsById, authorized_groups, unrestricted, itemIdentifiers) def _getItemsById(self, cursor, authorized_groups, unrestricted, itemIdentifiers): self._checkNodeExists(cursor) - items = [] - for itemIdentifier in itemIdentifiers: - cursor.execute("""SELECT data FROM nodes - INNER JOIN items USING (node_id) - WHERE node=%s AND item=%s""", - (self.nodeIdentifier, - itemIdentifier)) - result = cursor.fetchone() - if result: - items.append(parseXml(result[0])) - return items + ret = [] + if unrestricted: #we get everything without checking permissions + for itemIdentifier in itemIdentifiers: + cursor.execute("""SELECT data,items.access_model,item_id FROM nodes + INNER JOIN items USING (node_id) + WHERE node=%s AND item=%s""", + (self.nodeIdentifier, + itemIdentifier)) + result = cursor.fetchone() + if result: + for data in result: + item = stripNamespace(parseXml(data[0])) + access_model = data[1] + item_id = data[2] + if access_model == 'roster': #TODO: jid access_model + cursor.execute('SELECT groupname FROM item_groups_authorized WHERE item_id=%s', (item_id,)) + access_list = [r[0] for r in cursor.fetchall()] + else: + access_list = None + ret.append((item, access_model, access_list)) + else: #we check permission before returning items + for itemIdentifier in itemIdentifiers: + args = [self.nodeIdentifier, itemIdentifier] + if authorized_groups: + args.append(authorized_groups) + cursor.execute("""SELECT data FROM nodes + INNER JOIN items USING (node_id) + LEFT JOIN item_groups_authorized USING (item_id) + WHERE node=%s AND item=%s AND + (items.access_model='open' """ + + ("or (items.access_model='roster' and groupname in %s)" if authorized_groups else '') + ")", + args) + + result = cursor.fetchone() + if result: + ret.append(parseXml(result[0])) + + return ret def purge(self): return self.dbpool.runInteraction(self._purge)