> My concern is that this python code can't return a queryset with all items where a given permission+user tuple match.
def has_perm(obj, user): if user.is_superuser: return True This means I need a SQL WHERE condition For example MyModel.objects.filter(Q(...)|Q(....)) I never wanted business logic in the database. Sorry, if you misunderstood me. has_perm() is not used for that purpose, so it isn't a fair comparison. If you want items specific to a permission gradient, you'll need to determine the logic to emulate it yourself. In most cases, with a correct model design, it isn't terribly difficult. For example, if user Joey can only see red widgets, then you would need to specifically filter for red widgets in your view query set. The color (or list of colors) may need to be pulled from a different table, causing a second query. The ORM does have some advanced usages for filtering a model based on values in an related model, in most cases using a JOIN to keep it as a single cross-table query. If that's all you're trying to do, I doubt any custom database procedure will be much faster than a good query set. Do you have evidence of such queries being slow in the past? Profiling them will lead you to the specific operations that may be slowing you down and can likely be customized through more specific queries in a custom authentication back end, or better direct querying within the views. Guardian is a good package, but frankly it is a polar opposite implementation (all Python, use of GFK's incurring multiple queries, etc.) from the one you are proposing. -James -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CA%2Be%2BciUUiVsat3Pwb%3DaJ7FSC_oUxJ1gv6dApGi-fOnOo6nq-VA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.