In /graph_json, check internal_only on Test entity and skip test for all Row entities.

dashboard/dashboard/datastore_hooks.py

Index: dashboard/dashboard/datastore_hooks.py
diff --git a/dashboard/dashboard/datastore_hooks.py b/dashboard/dashboard/datastore_hooks.py
index 9e15b6572d2ebb53c05e8df2608bf5bf4648a055..105f8bea976a1bfb7eb8b30cd973c05f18660bc0 100644
--- a/dashboard/dashboard/datastore_hooks.py
+++ b/dashboard/dashboard/datastore_hooks.py
@@ -56,6 +56,24 @@ def SetPrivilegedRequest():
   request.registry['privileged'] = True
 
 
+def SetSinglePrivilegedRequest():
+  """Allows the current request to act as a privileged user only ONCE.
+
+  This should be called ONLY by handlers that have checked privilege immediately
+  before making a query. It will be automatically unset when the next query is
+  made.
+  """
+  request = webapp2.get_request()
+  request.registry['single_privileged'] = True
+
+
+def CancelSinglePrivilegedRequest():
+  """Disallows the current request to act as a privileged user only.
+  """

[qyearsley, 2015/12/28 22:50:56]

Closing """ can go on previous line

[sullivan, 2015/12/29 03:36:06]

Done.

+  request = webapp2.get_request()
+  request.registry['single_privileged'] = False
+
+
 def _IsServicingPrivilegedRequest():
   """Checks whether the request is considered privileged."""
   try:
@@ -70,6 +88,9 @@ def _IsServicingPrivilegedRequest():
     return True
   if request.registry.get('privileged', False):
     return True
+  if request.registry.get('single_privileged', False):
+    request.registry['single_privileged'] = False
+    return True
   whitelist = utils.GetIpWhitelist()
   if whitelist and hasattr(request, 'remote_addr'):
     return request.remote_addr in whitelist