First I asked a similar question on the postgresql-general list. The
discussion[1] has settled there.
Now I would love the hear what you think.
I am thinking about rewriting an existing application which uses PostgreSQL via
Django.
Up to now the permission checks are done at the application level.
Up to now queries like: "Show all items which the current user is allowed to
modify" result in complicated SQL and
this leads to slow queries.
Up to now there is one db-user and the application does the filtering of rows
to prevent application users to see
items which they are not allowed to see.
I guess most web applications work like this.
I would like to reduce the "ifing and elsing" in my python code (less
conditions, less bugs, more SQL, more performance)
One important intention for me: I would like to avoid the redundancy. As soon
as I want to query for
"Show all items which the current user is allowed to modify" I need the
permission checking in a SQL WHERE condition.
If I implement this. Then my code which might look like this is redundant:
{{{
def has_perm(obj, user):
if user.is_superuser:
return True
...
}}}
Yes, I feel farewell pain. I love Python, but I guess I will use perm checking
via SQL WHERE for new projects in the future.
What do you think?
Regards,
Thomas Güttler
[1]:
https://www.postgresql.org/message-id/e662fd8a-6001-514c-71e8-01718444f338%40thomas-guettler.de
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/11640cac-a4e0-4f97-8b26-cf9486d41d8c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
