It's indeed a Python piece of code:

    def is_visible_by(self, author):
        projects = author.projects.all()
        return author.user.is_staff or\
            author.is_manager or\
            (author.is_lead_writer and (self.project in projects)) or\
            (author == self.main_author or author in
             self.co_authors.all())

Can this be turned into an SQL query using filter() or extra()?
JJ.
On Jul 2, 12:22 pm, Tim Chase <[EMAIL PROTECTED]> wrote:
> > if not book_list:
> >     book_list = Book.objects.select_related()
> >     cache.set('all_books', book_list)
> > book_list = [b for b in book_list if b.is_visible_by(user)]
>
> Unless "is_visible_by" is a python-side piece of code, you'd
> likely get much better results not having your entire dataset
> lurking on the Django-side of things.
>
> I've found that if you set up security as a data-driven aspect of
> your DB, your objects.* data can be filtered on the server-side
> which reduces:
>
> -the data to be pulled from the DB server,
> -the data to be processed by Django/Python,
> -and the data that gets copied by your list-comprehension.
>
> Usually this can be done as a filter() call, though occasionally
> needs to be hand-cranked via an extra() call. To reduce code
> duplication, I'll often create a pseudo-manager method (IIUC,
> managers don't take parameters, as they're treated like
> properties) on my Model that takes the current user and returns
> the set of the models this user can see. I've occasionally
> wanted a way to automate some of this, but since the
> business-logic of the security is encoded in the method, it's a
> bit harder to do on a per-model basis because the code is
> slightly different for each model.
>
> -tim
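
The visibility rule from is_visible_by expressed as a server-side query, as an added example that is not part of the original thread. It uses the standard-library sqlite3 module instead of Django's ORM, and the table names, column names and sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema: table and column names are assumptions, not the poster's models.
SCHEMA = """
CREATE TABLE author (id INTEGER PRIMARY KEY, is_staff INT, is_manager INT, is_lead_writer INT);
CREATE TABLE author_projects (author_id INT, project_id INT);
CREATE TABLE book (id INTEGER PRIMARY KEY, project_id INT, main_author_id INT);
CREATE TABLE book_co_authors (book_id INT, author_id INT);
"""

def visible_book_ids(db, author_id):
    """Return ids of the books this author may see, filtered by the database."""
    row = db.execute(
        "SELECT is_staff, is_manager, is_lead_writer FROM author WHERE id = ?",
        (author_id,)).fetchone()
    if row is None:
        return []  # unknown author: deny by default
    is_staff, is_manager, is_lead_writer = row
    # The staff/manager flags depend only on the user, so they are decided
    # once here instead of being re-evaluated for every book.
    if is_staff or is_manager:
        sql, params = "SELECT id FROM book ORDER BY id", {}
    else:
        # Row-dependent clauses: main author or co-author of the book.
        where = ["main_author_id = :a",
                 "id IN (SELECT book_id FROM book_co_authors WHERE author_id = :a)"]
        if is_lead_writer:
            # Lead writers also see every book of the projects they belong to.
            where.append("project_id IN (SELECT project_id FROM author_projects"
                         " WHERE author_id = :a)")
        # Only fixed fragments are joined; the author id is always a bound parameter.
        sql = "SELECT id FROM book WHERE " + " OR ".join(where) + " ORDER BY id"
        params = {"a": author_id}
    return [r[0] for r in db.execute(sql, params)]

def demo_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO author VALUES (?,?,?,?)",
                   [(1, 1, 0, 0), (2, 0, 0, 1), (3, 0, 0, 0), (4, 0, 1, 0)])
    db.executemany("INSERT INTO author_projects VALUES (?,?)", [(2, 10), (3, 10)])
    db.executemany("INSERT INTO book VALUES (?,?,?)",
                   [(100, 10, 3), (101, 20, 2), (102, 20, 1), (103, 10, 1)])
    db.executemany("INSERT INTO book_co_authors VALUES (?,?)", [(102, 3)])
    return db
```

In Django the same three clauses map to Q objects OR-ed together inside a single filter() call; a join through the co-authors relation can return a book more than once, so such a queryset usually needs distinct().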