> My concern is that this python code can't return a queryset with all items
where a given permission+user tuple match.

def has_perm(obj, user):
    if user.is_superuser:
        return True

This means I need a SQL WHERE condition

For example MyModel.objects.filter(Q(...)|Q(....))

I never wanted business logic in the database. Sorry, if you misunderstood me.

has_perm() is not used for that purpose, so it isn't a fair comparison.

If you want items specific to a permission gradient, you'll need to
determine the logic to emulate it yourself. In most cases, with a correct
model design, it isn't terribly difficult.

For example, if user Joey can only see red widgets, then you would need to
specifically filter for red widgets in your view query set. The color (or
list of colors) may need to be pulled from a different table, causing a
second query. The ORM does have some advanced usages for filtering a model
based on values in an related model, in most cases using a JOIN to keep it
as a single cross-table query. If that's all you're trying to do, I doubt
any custom database procedure will be much faster than a good query set.

Do you have evidence of such queries being slow in the past? Profiling them
will lead you to the specific operations that may be slowing you down and
can likely be customized through more specific queries in a custom
authentication back end, or better direct querying within the views.

Guardian is a good package, but frankly it is a polar opposite
implementation (all Python, use of GFK's incurring multiple queries, etc.)
from the one you are proposing.


You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to