First I asked a similar question on the postgresql-general list. The 
discussion[1] has settled there.

Now I would love the hear what you think.

I am thinking about rewriting an existing application which uses PostgreSQL via 

Up to now the permission checks are done at the application level.

Up to now queries like: "Show all items which the current user is allowed to 
modify" result in complicated SQL and
this leads to slow queries.

Up to now there is one db-user and the application does the filtering of rows 
to prevent application users to see
items which they are not allowed to see.

I guess most web applications work like this.

I would like to reduce the "ifing and elsing" in my python code (less 
conditions, less bugs, more SQL, more performance)
One important intention for me: I would like to avoid the redundancy. As soon 
as I want to query for 
"Show all items which the current user is allowed to modify" I need the 
permission checking in a SQL WHERE condition.

If I implement this. Then my code which might look like this is redundant:


def has_perm(obj, user):
    if user.is_superuser:
        return True


Yes, I feel farewell pain. I love Python, but I guess I will use perm checking 
via SQL WHERE for new projects in the future.

What do you think?

   Thomas Güttler


You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
Visit this group at
To view this discussion on the web visit
For more options, visit

Reply via email to