> if not book_list:
> book_list = Book.objects.select_related()
> cache.set('all_books', book_list)
> book_list = [b for b in book_list if b.is_visible_by(user)]
Unless "is_visible_by" is a python-side piece of code, you'd
likely get much better results not having your entire dataset
lurking on the Django-side of things.
I've found that if you set up security as a data-driven aspect of
your DB, your objects.* data can be filtered on the server-side
which reduces:
-the data to be pulled from the DB server,
-the data to be processed by Django/Python,
-and the data that gets copied by your list-comprehension.
Usually this can be done as a filter() call, though occasionally
needs to be hand-cranked via an extra() call. To reduce code
duplication, I'll often create a pseudo-manager method (IIUC,
managers don't take parameters, as they're treated like
properties) on my Model that takes the current user and returns
the set of the models this user can see. I've occasionally
wanted a way to automate some of this, but since the
business-logic of the security is encoded in the method, it's a
bit harder to do on a per-model basis because the code is
slightly different for each model.
-tim
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
