Hi,

I'm using DRF and need to implement object-based permissions. I
subclassed BasePermission to create my own logic.

Currently all models that make sense to have permissions inherit from a
base Object model, implementing common behaviour and fields.

The object has two many to many fields to UserProfile, read_access and
write_access.

So checking if a User has permission to an object is as simple as:

    base_query = models.Q(pk=user_profile.id)  # base query is for the current user
    for group in user_profile.get_groups():
        # make an OR query for each group the user belongs to
        base_query |= models.Q(pk=group.id)
    return obj.read_access.filter(base_query).exists()

So checking if a user has permission to a given object can be done cheaply in
one query.

But the objects in the system have a hierarchy: a Project has tasks, which
may have subtasks.

So should I check the parent object's permissions? Or is just checking the
current object enough?

I'm thinking of copying the parent permissions when an object is created,
in this way creating an object could be expensive and the permissions table
may get too big, but reading the permissions can be cheap.

Thoughts? Ideas?

Thanks
Avraham
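
The two designs raised in the message above (checking parent permissions at read time, or copying them when an object is created), as an added example that is not part of the original post. It uses plain Python sets in place of the Django many-to-many fields; Node, principals, can_read_own and can_read_inherited are hypothetical names and the identities are constructed sample values.

```python
# Plain-Python stand-in for the models in the post (hypothetical names, no Django).
class Node:
    """An object with a read_access set of principals and an optional parent."""
    def __init__(self, name, parent=None, read_access=(), copy_parent=False):
        self.name = name
        self.parent = parent
        self.read_access = set(read_access)
        if copy_parent and parent is not None:
            # Strategy B: snapshot the parent's ACL at creation time.
            self.read_access |= parent.read_access


def principals(user_id, group_ids):
    """The user plus every group the user belongs to (the OR query in the post)."""
    return {user_id, *group_ids}


def can_read_own(obj, who):
    """Check only the object's own ACL: one lookup, as in the post."""
    return bool(obj.read_access & who)


def can_read_inherited(obj, who):
    """Strategy A: walk up the hierarchy, one lookup per ancestor level."""
    while obj is not None:
        if obj.read_access & who:
            return True
        obj = obj.parent
    return False


def demo():
    who = principals("u1", ["g-dev"])          # constructed sample identities
    # Strategy A: children carry no ACL of their own.
    project = Node("project", read_access={"g-dev"})
    task = Node("task", parent=project)
    subtask = Node("subtask", parent=task)
    before_a = can_read_inherited(subtask, who)
    project.read_access.discard("g-dev")       # revoke at the top
    after_a = can_read_inherited(subtask, who)
    # Strategy B: ACL copied on create.
    project_b = Node("project", read_access={"g-dev"})
    task_b = Node("task", parent=project_b, copy_parent=True)
    before_b = can_read_own(task_b, who)
    project_b.read_access.discard("g-dev")     # revoke at the top
    after_b = can_read_own(task_b, who)        # the stale copy still grants access
    return before_a, after_a, before_b, after_b
```

With copied permissions, a revocation on the parent has to be propagated to every descendant explicitly, otherwise the child rows keep granting access.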
