Hello Alchemists,
I'm setting up users, groups and permissions in my web application
(pylons+mako and SA assign_mapper) and I have trouble understanding how
I can query the required permissions through users and groups.
My policies:
* I have "users", "groups" and "privileges".
* A Privilege object is just a permission's name like "client_edit",
"client_delete", etc.
* A User can have privileges.
* A Group is a list of users. A group can also have privileges and users
of this group inherit from the group's privileges. (combines user's
direct privileges + groups privileges)
* A User can be part of multiple groups.
What I want to do:
* When I'm rendering my web page I want to conditionally show parts of
the page depending on whether the user has the required privilege. I'd like to
have a "has_privilege" method on the User object.

    user = model.User.get(1)
    if user.has_privilege("client_edit"):
        # ... do the rendering ...

My problem:
* What's the most efficient way to query for a privilege
"client_edit" that would exist in either the user's privileges directly,
or one of the group's privileges he might be part of? Is it possible to
fire one query and return a boolean True/False?
Relations:
* privilege_table (many-to-many) group_table
* privilege_table (many-to-many) user_table
* user_table (many-to-many) group_table
Schema source code:
-----------------------------------------------
#### USERS
user_table = Table('users', meta,
    Column('id', Integer, primary_key=True),
    Column('email', Unicode(40), unique=True, nullable=False),
    Column('password', Unicode(20), nullable=False),
    Column('first_name', Unicode(20)),
    Column('last_name', Unicode(20)),
    # Pass the callable so the timestamp is taken at insert time,
    # not once when the module is imported.
    Column('create_date', DateTime, default=datetime.now),
)

users_has_privileges = Table('users_has_privileges', meta,
    Column('id_user', None, ForeignKey('users.id'), primary_key=True),
    Column('id_privilege', None, ForeignKey('privileges.id'), primary_key=True),
)

class User(object):
    pass

user_mapper = assign_mapper(ctx, User, user_table,
    order_by=user_table.c.email
)

#### GROUPS
group_table = Table('groups', meta,
    Column('id', Integer, primary_key=True),
    Column('name', Unicode(20), unique=True, nullable=False),
    Column('description', Unicode(20), unique=True),
)

groups_has_users = Table('groups_has_users', meta,
    Column('id_group', None, ForeignKey('groups.id'), primary_key=True),
    Column('id_user', None, ForeignKey('users.id'), primary_key=True),
)

class Group(object):
    pass

group_mapper = assign_mapper(ctx, Group, group_table,
    properties={
        'users': relation(User, backref=backref("groups",
            order_by=group_table.c.name, cascade="save-update"),
            secondary=groups_has_users)
    },
)

#### PRIVILEGES
privilege_table = Table('privileges', meta,
    Column('id', Integer, primary_key=True),
    Column('name', Unicode(40), unique=True, nullable=False),
    Column('description', Unicode(20)),
)

privileges_has_groups = Table('privileges_has_groups', meta,
    Column('id_privilege', None, ForeignKey('privileges.id'), primary_key=True),
    Column('id_group', None, ForeignKey('groups.id'), primary_key=True),
)

privileges_has_users = Table('privileges_has_users', meta,
    Column('id_privilege', None, ForeignKey('privileges.id'), primary_key=True),
    Column('id_user', None, ForeignKey('users.id'), primary_key=True),
)

class Privilege(object):
    pass

privilege_mapper = assign_mapper(ctx, Privilege, privilege_table,
    properties={
        'groups': relation(Group, backref=backref("privileges",
            order_by=privilege_table.c.name, cascade="save-update"),
            secondary=privileges_has_groups),
        'users': relation(User, backref=backref("privileges",
            order_by=privilege_table.c.name, cascade="save-update"),
            secondary=privileges_has_users),
    },
)
-----------------------------------------------
One extra question: instead of using the "properties" keyword in the
mapper() function, would it be possible to have directly something like:

    class Privilege(object):
        groups = relation(Group, backref=backref("privileges",
            order_by=privilege_table.c.name, cascade="save-update"),
            secondary=privileges_has_groups)
        users = relation(User, backref=backref("privileges",
            order_by=privilege_table.c.name, cascade="save-update"),
            secondary=privileges_has_users)

or would it give trouble to the mapper ?
Thanks for your help.
Regards,
--
Alexandre CONRAD
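
An added example, not part of the original message and not SQLAlchemy mapper code: one way to get the single-query True/False answer asked about above, written as plain SQL through Python's sqlite3 against tables named as in the posted schema. The free function `has_privilege`, the helper `build_sample_db` and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Table/column names follow the post's schema; "groups" is quoted because
# GROUPS is an SQL keyword. Only the columns the check needs are kept.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL);
CREATE TABLE "groups" (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE privileges (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE groups_has_users (id_group INTEGER, id_user INTEGER,
    PRIMARY KEY (id_group, id_user));
CREATE TABLE privileges_has_groups (id_privilege INTEGER, id_group INTEGER,
    PRIMARY KEY (id_privilege, id_group));
CREATE TABLE privileges_has_users (id_privilege INTEGER, id_user INTEGER,
    PRIMARY KEY (id_privilege, id_user));
"""

# Constructed sample data: user 1 holds client_edit directly and client_delete
# through group 2; user 2 gets client_edit only through group 1; user 3 has none.
SAMPLE = """
INSERT INTO users VALUES (1,'a@example.test'),(2,'b@example.test'),(3,'c@example.test');
INSERT INTO "groups" VALUES (1,'editors'),(2,'admins');
INSERT INTO privileges VALUES (1,'client_edit'),(2,'client_delete');
INSERT INTO groups_has_users VALUES (1,2),(2,1);
INSERT INTO privileges_has_groups VALUES (1,1),(2,2);
INSERT INTO privileges_has_users VALUES (1,1);
"""

# One round trip: EXISTS over the direct grant and the group-inherited grant.
HAS_PRIVILEGE = """
SELECT EXISTS (
    SELECT 1 FROM privileges p
      JOIN privileges_has_users pu ON pu.id_privilege = p.id
     WHERE p.name = :name AND pu.id_user = :uid
    UNION ALL
    SELECT 1 FROM privileges p
      JOIN privileges_has_groups pg ON pg.id_privilege = p.id
      JOIN groups_has_users gu ON gu.id_group = pg.id_group
     WHERE p.name = :name AND gu.id_user = :uid
)
"""

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE)
    return conn

def has_privilege(conn, user_id, name):
    # Bound parameters only; an unknown user or privilege yields 0, so the
    # check fails closed and returns False.
    row = conn.execute(HAS_PRIVILEGE, {"name": name, "uid": user_id}).fetchone()
    return bool(row[0])
```
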