Hi Jeremy,

My suggestion would be to set up a test environment and benchmark it. That's the only way to know for sure. I'd be very surprised if performance was an issue unless you are doing something really unusual.

At the end of the day if you are using the SQLAlchemy driver a permission check is just an SQL SELECT with a WHERE clause and I doubt it makes a huge difference whether the query ends:

    AND role = 'r1-edit'

rather than:

    AND role = 'edit' and resource = 'r1'

Cheers,

James

Original Message:
-----------------
From: Jeremy Burton [EMAIL PROTECTED]
Date: Mon, 16 Jun 2008 07:48:02 -0700
To: [email protected]
Subject: Re: Preferred approach to extend Authkit to resource level access-control

Thanks - this is useful. However, my concern is that there could ultimately be a very large number of resources and I wonder what the performance repercussions would be of just using the roles as is. Any thoughts?

Thanks,
Jeremy

On Jun 16, 2008, at 4:09 AM, [EMAIL PROTECTED] wrote:

> Hi Jeremy,
>
> The easiest solution is to name your roles with the resource they
> apply to. Say you have resources r1, r2, and r3 you could name your
> roles:
>
> r1-edit
> r2-edit
> r3-edit
> r1-write
> r2-write
> etc
>
> As long as you don't use ``-`` characters elsewhere in the role name
> this works fine. You then just test for the role ``r1-edit``.
>
> The alternative is to write your own custom permissions and your own
> custom data store. This works fine too but is a lot more work and
> actually amounts to the same thing anyway. Incidentally, very early
> versions of AuthKit supported this functionality but I dropped it
> because the same thing was so easily implemented by just using the
> naming convention described above.
>
> Hope that helps,
>
> James
>
> Original Message:
> -----------------
> From: Jeremy Burton [EMAIL PROTECTED]
> Date: Sun, 15 Jun 2008 13:00:27 -0700
> To: [email protected]
> Subject: "Preferred" approach to extend Authkit to resource level
> access-control
>
> The architecture of Authkit (and the examples/tutorial) seem to assume
> that users have access-control/permissions at the application-wide
> level.
>
> The application I am developing requires access-control/permissions at
> the per resource level. i.e. each user has various permissions (read,
> write, edit, delete) on an arbitrary number of resources.
>
> Do any Authkit experts on this list have a strong view on how to use
> Authkit in this context? I'd rather not reinvent the wheel.
>
> Thanks,
> JB

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "pylons-discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en
-~----------~----~----~----~------~----~------~--~---
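
The two query shapes compared in this thread, as an added example that is not code from AuthKit or from either poster: it uses the standard-library sqlite3 module in place of the SQLAlchemy driver, and the table, index and function names are hypothetical. It builds constructed role data under both schemes, enforces the "no ``-`` elsewhere in the role name" rule, and shows that each permission check resolves to a single index lookup.

```python
import sqlite3

def role_name(resource, action):
    """Build '<resource>-<action>'; refuse '-' so a role name parses one way only."""
    if "-" in resource or "-" in action:
        raise ValueError("'-' is reserved as the resource/action separator")
    return f"{resource}-{action}"

def build_db(n_resources=5000):
    """Constructed data: one user holding 'edit' on every even-numbered resource."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE named_roles (username TEXT, role TEXT);
        CREATE UNIQUE INDEX ix_named ON named_roles (username, role);
        CREATE TABLE split_roles (username TEXT, role TEXT, resource TEXT);
        CREATE UNIQUE INDEX ix_split ON split_roles (username, role, resource);
    """)
    for i in range(0, n_resources, 2):
        res = f"r{i}"
        db.execute("INSERT INTO named_roles VALUES (?, ?)",
                   ("jeremy", role_name(res, "edit")))
        db.execute("INSERT INTO split_roles VALUES (?, ?, ?)",
                   ("jeremy", "edit", res))
    return db

# Bound parameters keep resource ids out of the SQL text itself.
NAMED_SQL = "SELECT 1 FROM named_roles WHERE username = ? AND role = ?"
SPLIT_SQL = ("SELECT 1 FROM split_roles "
             "WHERE username = ? AND role = ? AND resource = ?")

def allowed_named(db, user, resource, action):
    """Naming-convention scheme: test for the single role 'r1-edit'."""
    row = db.execute(NAMED_SQL, (user, role_name(resource, action))).fetchone()
    return row is not None

def allowed_split(db, user, resource, action):
    """Custom-store scheme: role and resource held in separate columns."""
    row = db.execute(SPLIT_SQL, (user, action, resource)).fetchone()
    return row is not None

def plan(db, sql, params):
    """SQLite's query plan as text; the detail is the last column of each row."""
    rows = db.execute("EXPLAIN QUERY PLAN " + sql, params)
    return " | ".join(row[-1] for row in rows)

if __name__ == "__main__":
    db = build_db()
    print(allowed_named(db, "jeremy", "r2", "edit"),
          allowed_split(db, "jeremy", "r3", "edit"))
    print(plan(db, NAMED_SQL, ("jeremy", "r2-edit")))
    print(plan(db, SPLIT_SQL, ("jeremy", "edit", "r2")))
```

The plans only show that neither form needs a table scan; timing them still means running both against the real database engine and data volume.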
