In my application, authenticated_userid() is just the integer primary key of
the user table stored in an auth_tkt cookie. It does not consult the
database at all. I do not remove users from the database, but they have an
'is_active' flag which controls whether they are allowed to log in.

The effective_principals callback is pretty much

return [str(group) for group in

which could be only 1 query by eagerloading the groups, but I don't mind
doing 2.

Since the sqlalchemy session for the request keeps an identity
map<>of all objects
fetched during the transaction,
sqlalchemy_session.query(User).get(authenticated_userid(request)) is a dict
lookup, not a SQL query, during the remainder of the request.

Hey look, here's the source:

Daniel Holth
Repoze-dev mailing list

Reply via email to