Hi all, Right now, I'm writing a code for a SaaS application.
I'm thinking about an idea to enforce a security restriction to Sequel Models by changing dataset filter dynamically. If current user's id is 123, then I want to apply filter(:user_id => 123) to all models related to users table. Probably it can be achieved with following example code: def load_session(user_id) foo = DB[:foo].filter(:user_id => user_id) Foo.set_dataset(foo) end Problems are * Performance impact of changing dataset for every access is not clear. * Not sure that it's okay to re-use model classes many times with different datasets. * This implementation is thread unsafe, abusing global environment, and I feel it's quite ugly. Any ideas? My idea is that extending Sequel to enable having non-class (instance) models. Right now, all Sequel models are defined in global classes with global database setting. I think it'll be useful if we can have model object such as: foo_model = database.define_model(Foo, dataset) I think it's useful for multi-database applications too. It'll be great if dataset defining overhead is not big. Or, simply just adding filtering to Model, like: foo_filtered = Foo.filter_model(:user_id => 123) Currently, Foo.filter returns a dataset, not a model. If it behaves like a model, it'll be great for me. I'd like to write a simple query like Foo[foo_id]. Regards, Shun ----- Mellowtone Inc. - life is a melody Shunichi Arai http://www.mellowtone.co.jp http://asiajin.com/blog/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "sequel-talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sequel-talk?hl=en -~----------~----~----~----~------~----~------~--~---
