Update documentation for global 'ALLOWED_FILTERS' and resource-specif…

…ic 'allowed_filters' settings
pyeve · Mar 26, 2018 · d5659c2 · d5659c2
1 parent d463a03
commit d5659c2
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 10 deletions.
diff --git a/docs/config.rst b/docs/config.rst
@@ -114,6 +114,14 @@ uppercase.
                                     ``/v1/<endpoint>``). Defaults to ``''``.
 
 ``ALLOWED_FILTERS``                 List of fields on which filtering is allowed.
+                                    Entries in this list work in a hierarchical
+                                    way. This means that, for instance, filtering
+                                    on ``'dict.sub_dict.foo'`` is allowed if
+                                    ``ALLOWED_FILTERS`` contains any of
+                                    ``'dict.sub_dict.foo``, ``'dict.sub_dict'``
+                                    or ``'dict'``. Instead filtering on
+                                    ``'dict'`` is allowed if ``ALLOWED_FILTERS``
+                                    contains ``'dict'``.
                                     Can be set to ``[]`` (no filters allowed)
                                     or ``['*']`` (filters allowed on every
                                     field). Unless your API is comprised of
@@ -798,6 +806,14 @@ always lowercase.
                                 :ref:`subresources`.
 
 ``allowed_filters``             List of fields on which filtering is allowed.
+                                Entries in this list work in a hierarchical
+                                way. This means that, for instance, filtering
+                                on ``'dict.sub_dict.foo'`` is allowed if
+                                ``allowed_filters`` contains any of
+                                ``'dict.sub_dict.foo``, ``'dict.sub_dict'``
+                                or ``'dict'``. Instead filtering on
+                                ``'dict'`` is allowed if ``allowed_filters``
+                                contains ``'dict'``.
                                 Can be set to ``[]`` (no filters allowed), or
                                 ``['*']`` (fields allowed on every field).
                                 Defaults to ``['*']``.

diff --git a/eve/utils.py b/eve/utils.py
@@ -388,16 +388,6 @@ def validate_filter(filter):
         for key, value in filter.items():
             if '*' not in allowed:
                 def recursive_check_allowed(filter_key, allowed_filters):
-                    # Filter key can be a plain key (e.g. "foo") or a dotted
-                    # key (e.g. "dict.sub_dict.bar").
-                    # Starting from a dotted key, this function recursively
-                    # checks `allowed_filters` for the key itself and for all
-                    # its parent keys.
-                    # This means that, for instance, "dict.sub_dict.bar" is
-                    # an allowed filter key if `allowed_filters` contains any
-                    # of "dict.sub_dict.bar", "dict.sub_dict" or "dict".
-                    # Instead "dict" is an allowed filter key IFF
-                    # `allowed_filters` contains "dict".
                     if filter_key not in allowed_filters:
                         base_composed_key, _, _ = filter_key.rpartition('.')
                         return base_composed_key and recursive_check_allowed(