If you want to query for each user with given permission, then the query
seems to be this (unfortunately not tested as I don't have a nice database
to test this against):
users = User.objects.filter(
Q(is_superuser=True) |
Q(pk__in=Group.objects.filter(permissions=permission).values('user__pk')) |
Q(pk__in=Permission.objects.filter(id=permission.pk).values('user__pk')))
I can't see how removing the is_superuser attribute would make this query
more efficient. And, it's likely the query you were using is slow because
it doesn't use subqueries. It would be nice to make Django use subqueries
automatically, but for queryset API reasons that's hard to do.
- Anssi
On Tuesday, March 28, 2017 at 1:53:00 PM UTC+3, guettli wrote:
>
>
>
> Am Montag, 27. März 2017 16:11:06 UTC+2 schrieb Melvyn Sopacua:
>>
>> On Friday 24 March 2017 04:31:32 guettli wrote:
>>
>> > I know this is a crazy idea, and it will get the "won't fix" tag very
>>
>> > soon.
>>
>> >
>>
>> > Nevertheless I want to speak it out.
>>
>> >
>>
>> > My use case: Get a queryset of users who have a given permission.
>>
>>
>>
>> I'm still thinking about this use case.
>>
>> Cause it's not for normal use - you don't normally use permissions as
>> data, you use permissions to deny / allow access to data.
>>
>> So, you're already in the "specialized" corner.
>>
>>
>>
>
>
> I can use more words, to make this use case more colorful.
>
> Imagine a approval workflow: Only some users are allowed to do the
> approval.
>
> An invoice instance needs to be forwarded to someone with the matching
> permissions.
>
> This way I want to provide a html form where the current user can choose
> the user with the matching
> permissions.
>
>
>
>
>
>
>> > At the moment this query is complex and results in performance issues,
>>
>>
>>
>> For a small install this works fine. When performance becomes an issue
>> because there's a large number of users and groups, my first instinct is to
>> regroup users so that no permission exceptions exist anymore at the user
>> level.
>>
>> I'd add all superusers to the "wheel" group ("root", "superuser",
>> whatever floats your boat).
>>
>> Now the query to get this info no longer requires the user model for
>> conditions and you can simply query the group manager.
>>
>> It is what groups are for and it'll be always faster get all the matching
>> groups as one set and combine it with all the users that have the
>> permission assigned directly.
>>
>> The "one query" requirement conflicts with your performance requirement.
>>
>>
>
> Unfortunately the current sql query has several outer joins and takes
> several seconds even with only very few data in the database.
>
> We have a work-around this. The basic part is published here:
> https://code.djangoproject.com/ticket/27260#comment:10
>
>
>
>
>
>>
>>
>> --
>>
>> Melvyn Sopacua
>>
>
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/f38eb15f-4e5f-45b8-8fa9-be4e749bc86c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
