Hi there, I'm investigating ways to make an ORM-mapped instance read-only, dependent on the value of a particular attribute (database backed or not). If an object has a certain state, I want to prevent normal users from making a modification. Other objects connected to the same session should be editable however.
I've tried to figure out various possibilities, but none of them seem entirely satisfactory:

* I could use AttributeExtension that checks the 'readonly' attribute and if so, raises an exception when modification is attempted. As far as I can see I'd need to manually define an AttributeExtension for *all* attributes, and I'd just like to do this once per mapped class at most.
* It may be possible to use MapperExtension and modify before_update somehow. This is a bit late however - I'd prefer an exception to be raised as soon as someone tries to modify an attribute.
* I could proxy the whole instance with a security proxy, along the lines of zope.security, which could then do the checks. I'd like to avoid security proxies if I can get away with it however. I'd prefer it if the objects that came back from session.query() were already configured to do read-only checks.
* I could try to use some form of row-level security on the database level. MySQL, the database I'm working with, doesn't have such a feature as far as I'm aware, however. Also this'd be warning the developer a bit late - I'd prefer if it happened directly when modifying the attribute.

Does anyone have any clues as to what a good implementation strategy would be?

Regards,

Martijn
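An added sketch, not part of the original post and not SQLAlchemy API: one way to get a check that is declared once per class and fires at assignment time is a mixin that guards `__setattr__`. `StateLockedMixin`, `ReadOnlyError`, `force_set`, `try_rename` and the `Document` class are hypothetical names, and `Document` is a plain Python stand-in for a mapped class.

```python
class ReadOnlyError(AttributeError):
    """Raised when a write is attempted on a locked instance."""


class StateLockedMixin:
    """Hypothetical mixin, declared once per class.

    While the instance's `readonly` attribute is true, public attribute
    writes and deletes raise immediately instead of failing at flush time.
    """

    def _check_writable(self, name):
        # Underscore-prefixed names stay writable (assumption: they hold
        # internal bookkeeping rather than user data).
        if not name.startswith("_") and getattr(self, "readonly", False):
            raise ReadOnlyError(
                f"{type(self).__name__}.{name} is read-only in this state")

    def __setattr__(self, name, value):
        self._check_writable(name)
        super().__setattr__(name, value)

    def __delattr__(self, name):
        self._check_writable(name)
        super().__delattr__(name)


def force_set(obj, name, value):
    """Privileged write path (hypothetical): skips the mixin's guard.

    object.__setattr__ still honours data descriptors on the class.
    """
    object.__setattr__(obj, name, value)


class Document(StateLockedMixin):
    """Constructed stand-in for a mapped class."""

    def __init__(self, title, readonly=False):
        self.title = title
        self.readonly = readonly  # set last: the lock applies from here on


def try_rename(doc, new_title):
    """Return True if the write was accepted, False if it was refused."""
    try:
        doc.title = new_title
    except ReadOnlyError:
        return False
    return True
```

In-place mutation of a mutable attribute value (for example appending to a list) does not pass through `__setattr__`, so this guard alone does not cover it.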
