Saturday, December 10, 2016

Opinions on permissions strategy

Hi,

I'm using DRF and need to implement object-based permissions, so I subclassed BasePermission to create my own logic.

Currently all models that make sense to have permissions inherit from a base Object model, implementing common behaviour and fields.

The object has two many-to-many fields to UserProfile, read_access and write_access.

So checking if a User has permission to an object is simple as:

from django.db import models

def has_read_access(obj, user_profile):
    base_query = models.Q(pk=user_profile.id)  # base query is for the current user
    for group in user_profile.get_groups():
        base_query |= models.Q(pk=group.id)  # OR in each group the user belongs to
    return obj.read_access.filter(base_query).exists()

So checking if a user has permission to a given object can be done cheaply in one query.

But the objects in the system have a hierarchy: a Project has tasks, which may have subtasks.

So should I check the parent object's permissions, or is checking the current object enough?

I'm thinking of copying the parent permissions when an object is created; this way, creating an object could be expensive and the permissions table may get too big, but reading the permissions can be cheap.

Thoughts? Ideas?

Thanks
Avraham

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFWa6t%2BL0rtz4ef1w4CLc5TNZLarrPMtg9bZG%3DQWWUdASxeL6g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
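The two strategies the post weighs (walk up to the parent at check time, or copy the parent's ACL when a child is created) have different failure modes, and the one that matters for security is revocation. The block below is an added example, not code from the post or from Django/DRF: it models the hierarchy and the read_access sets in plain Python (no ORM, so it runs offline) and assumes a UserProfile with an id and a set of group ids, and an Obj with a parent, children and a read_access set of principal ids. The names has_direct_read, has_inherited_read, create_child and revoke_read are hypothetical. It shows that the copy-on-create approach leaves stale grants on tasks and subtasks after a group is removed from the project unless the revocation is cascaded, whereas the walk-up approach costs one check per level but takes effect immediately.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class UserProfile:
    """Assumed shape: an id plus the ids of the groups the user belongs to."""
    id: int
    group_ids: set = field(default_factory=set)

    def principal_ids(self):
        # Same idea as the OR'd Q objects in the post: the user and every group.
        return {self.id} | self.group_ids


@dataclass
class Obj:
    """Assumed shape of the base Object model: parent link, children, ACL of principal ids."""
    name: str
    parent: Optional["Obj"] = None
    read_access: set = field(default_factory=set)
    children: list = field(default_factory=list)


def has_direct_read(obj, user):
    """Check only the object's own ACL (one query in the ORM version)."""
    return bool(obj.read_access & user.principal_ids())


def has_inherited_read(obj, user):
    """Strategy A: check the object, then walk up through its ancestors.
    Cost grows with depth (one query per level in a real ORM), but a grant
    removed from the Project is immediately invisible to every task beneath it."""
    node = obj
    while node is not None:
        if has_direct_read(node, user):
            return True
        node = node.parent
    return False


def create_child(parent, name):
    """Strategy B: copy the parent's ACL at creation time.
    Reads are a single query, but the copy is a snapshot: later changes to the
    parent do not propagate unless they are cascaded (see revoke_read)."""
    child = Obj(name, parent=parent, read_access=set(parent.read_access))
    parent.children.append(child)
    return child


def revoke_read(obj, principal_id):
    """Cascade a revocation down the tree. Without this, Strategy B leaves
    stale grants on descendants after a principal is removed from the parent."""
    obj.read_access.discard(principal_id)
    for child in obj.children:
        revoke_read(child, principal_id)


# Constructed sample data: alice has direct access, bob only via group 10.
def _sample_users():
    return UserProfile(1), UserProfile(2, group_ids={10})


def scenario_copy_on_create():
    """Strategy B, then revoke the group at the project only (no cascade)."""
    alice, bob = _sample_users()
    project = Obj("project", read_access={alice.id, 10})
    task = create_child(project, "task")
    subtask = create_child(task, "subtask")
    project.read_access.discard(10)  # revoke group 10 at the top level only
    return {
        "bob_project": has_direct_read(project, bob),        # False
        "bob_subtask_stale": has_direct_read(subtask, bob),  # True: stale copy
    }


def scenario_copy_with_cascade():
    """Strategy B with the revocation cascaded to every descendant."""
    alice, bob = _sample_users()
    project = Obj("project", read_access={alice.id, 10})
    task = create_child(project, "task")
    subtask = create_child(task, "subtask")
    revoke_read(project, 10)
    return has_direct_read(subtask, bob)  # False


def scenario_inherit():
    """Strategy A: children carry no ACL of their own and defer to the project."""
    alice, bob = _sample_users()
    project = Obj("project", read_access={alice.id, 10})
    task = Obj("task", parent=project)
    subtask = Obj("subtask", parent=task)
    before = has_inherited_read(subtask, bob)      # True, via the project
    project.read_access.discard(10)
    after = has_inherited_read(subtask, bob)       # False, immediately
    direct_only = has_direct_read(subtask, alice)  # False: checking only the
    return before, after, direct_only              # current object misses inherited grants


if __name__ == "__main__":
    print(scenario_copy_on_create(), scenario_copy_with_cascade(), scenario_inherit())
```

The practical consequence for a DRF has_object_permission hook: if you copy ACLs on create for cheap reads, every change to read_access or write_access on a parent must be written as a cascade over its subtree (and ideally done in one transaction), or a removed user keeps access to everything created before the change. If you instead walk the hierarchy, bound the depth you are willing to traverse and consider caching the resolved ancestor chain per request.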
