Changes between Version 5 and Version 6 of Ticket #29012


Ignore:
Timestamp:
Jan 11, 2018, 11:31:33 AM (7 years ago)
Author:
Mehmet Dogan
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #29012 – Description

    v5 v6  
    1212However, this not only looks ugly, but also requires polling of all the backends twice, and thus, is a performance loss.
    1313
    14 First, and possibly the best, solution to this is that, django does not deny permission if obj argument is provided, but just ignores it. This way by properly ordering backends in the settings, it could be a fallback solution for the lower level checkers. This might be the move in the right direction, although it is backwards incompatible.
     14First, and possibly the best, solution to this is that, django does not deny permission if obj argument is provided, but just ignores it. This is also very logical, one who has a permission for the entire model/table, would also have it for an instance/row. This way by properly ordering backends in the settings, it could be a fallback solution for the lower level checkers. This might be the move in the right direction, although it is backwards incompatible.
    1515
    1616A second solution is a keyword argument, such as `fallback_to_model=None`, that will allow lower-level checkers mimic the model level permissions that django does. Obviously, this is not DRY. But is needed if the first solution is not accepted to get the necessary permissions with one round of polling, and without cluttering the code. If it was accepted, it would still be a useful addition since it would allow backends to prefer to handle the fallback by themselves. Or, it would allow users who fallback by default override that behavior and not fallback (via a value of `False`), i.e., when object level permissions are definitive.
Back to Top