Dear SQLAlchemy users, I have a (Pyramid) application (CMS-like) for which I'm adding authorization.
The core consists of "users", "roles", and "permissions", where an "user" can have many "roles", and a "role" can have many "permissions" (see #1). Nothing really new, but where it gets a bit complicated is that I have two types of "roles": "classical" and "virtual" (which are all stored in the database, in a "role" table, wether they are classical or virtual). How to know if a user "has a" role depends of the role type. For the "classical" ones and entry should exist in the intermediary table (many-to-many). However, "virtual" roles are assigned dynamically by the application at the beginning of each request (and available in some request.effective_principals property) and depends of some context (if the user is logged, etc), so there is no entry in the intermediary table. For beauty and simplicity I'd like to have an User.roles property (which in my current version fetches the intermediary table, so "classical" roles only) which contains both types of roles (classical and virtual ones). Actually I have some wrapper function above the .roles property which does that, but I don't like it too much. The virtual ones should be excluded from any "state" management of course (I have a trigger at the database level which forbids a link between a virtual role and an account). What would be a good way to do that in SQLAlchemy? (1) https://gist.github.com/silenius/f7e4f4da9370e5db182e41d7ae93d324 Thank you, Julien -- Julien Cigar Belgian Biodiversity Platform (http://www.biodiversity.be) PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0 No trees were killed in the creation of this message. However, many electrons were terribly inconvenienced. -- SQLAlchemy - The Python SQL Toolkit and Object Relational Mapper http://www.sqlalchemy.org/ To post example code, please provide an MCVE: Minimal, Complete, and Verifiable Example. See http://stackoverflow.com/help/mcve for a full description. --- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/sqlalchemy. To view this discussion on the web visit https://groups.google.com/d/msgid/sqlalchemy/20190509103817.GC39998%40home.lan. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
