Hello this post is now four days old. I would like to hear from other
"I have no clue what you are talking about" or
"I understand your concerns, but I have no clue, too" or
"Thank you about talking about this, this raised my awareness"
would make me happy.
Am Donnerstag, 3. August 2017 10:07:53 UTC+2 schrieb guettli:
> First I asked a similar question on the postgresql-general list. The
> discussion has settled there.
> Now I would love the hear what you think.
> I am thinking about rewriting an existing application which uses PostgreSQL
> via Django.
> Up to now the permission checks are done at the application level.
> Up to now queries like: "Show all items which the current user is allowed to
> modify" result in complicated SQL and
> this leads to slow queries.
> Up to now there is one db-user and the application does the filtering of rows
> to prevent application users to see
> items which they are not allowed to see.
> I guess most web applications work like this.
> I would like to reduce the "ifing and elsing" in my python code (less
> conditions, less bugs, more SQL, more performance)
> One important intention for me: I would like to avoid the redundancy. As soon
> as I want to query for
> "Show all items which the current user is allowed to modify" I need the
> permission checking in a SQL WHERE condition.
> If I implement this. Then my code which might look like this is redundant:
> def has_perm(obj, user):
> if user.is_superuser:
> return True
> Yes, I feel farewell pain. I love Python, but I guess I will use perm
> checking via SQL WHERE for new projects in the future.
> What do you think?
> Thomas Güttler
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.