On Thu, Oct 24, 2024 at 02:58:48PM +0000, John Rouillard wrote:
> 
> We also need a couple of examples of using the filter method in
> customizing.txt. Reference them from reference.txt and also add index
> entries for:

Proposal for examples:
We already have a check function on query (at least in the classic
template) that permits users to see their own and public (private_for
empty) queries.

def view_query(db, userid, itemid):
    private_for = db.query.get(itemid, 'private_for')
    if not private_for:
        return True
    return userid == private_for

Augmenting this with a filter function:

    def filter_query(db, userid, klass):
        return [dict(filterspec = dict(private_for=['-1', userid]))]

Now if we also want to check if the user is the creator of a query and
permit access we would modify these to::

    def view_query(db, userid, itemid):
        q = db.query.getnode(itemid)
        if not q.private_for or userid == q.private_for:
            return True
        if userid == q.creator:
            return True

    def filter_query(db, userid, klass):
        f1 = dict(filterspec = dict(private_for=['-1', userid]))
        f2 = dict(filterspec = dict(creator=userid))
        return [f1, f2]

Note how we need a list with more than one entry here to account for the
OR-condition.

Another example would be the following: Consider we have a class
"organization". A user has a link to organization and the issue has a
link to organization. Users can see only issues of their own
organisation.

A check function would be::

    def view_issue(db, userid, itemid):
        user  = db.user.getnode(userid)
        if not user.organisation:
            return False
        issue = db.issue.getnode(itemid)
        if user.organisation == issue.organisation:
            return True

The corresponding filter function::

    def filter_issue(db, userid, klass):
        user = db.user.getnode(userid)
        if not user.organisation:
            return []
        return [dict(filterspec = dict(organisation=user.organisation))]

Note how the filter fails early by returning an empty list of filter
arguments when the user has no organisation.

I think this documents most of the use-cases.
Note that so far I've never needed the 'klass' argument to the filter
function. It might be needed when a filter applies to more than one
class, though.

Let me know what you think!

KR
Ralf
-- 
Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   www.runtux.com
Reichergasse 131, A-3411 Weidling       email: office@runtux.com