Hi Jeff, you wouldn't happen to have an example av an ACL implementation by any chance? I've been trying to create a proper ACL on App Engine but I always seem to get stuck on GQL not supporting OR conditional statements.
My users can belong to one or more different user groups (many-to- many) and the idea is to have a per user and per group share model, that is, the owner of a model entity can grant access to one or more users or groups. This poses no problem when a user tries to access a single model entity, but when I try to get a list of entities, it seems near impossible to do it without using multiple queries and doing most of the work in Python instead (which really isn't ideal if the list should be paged). I'm really stuck on this and any help would be appreciated. Thanks, Anders On Aug 11, 12:31 am, "Jeff S (Google)" <j...@google.com> wrote: > Yes, what you are describing sounds like Access Control Lists (ACLs) and it > is possible to check within your code to see if the current user has > necessary permissions before carrying out an action. I'm not familiar with > the rest server module that you are using but there might be something in it > already which provides ACLs. If not, you can roll your own by adding a list > (or lists) of authorized users to an entity, or you could create groupings > for users (roles) and each entity could have a list of authorized roles. > There are quite a few design possibilities, some designs call require more > complex ACL implementations than others. Is sharing mostly on a per user > basis or are there identifiable types of users (admins, editors, readers, > etc.)? > > Thank you, > > Jeff > > On Thu, Aug 6, 2009 at 8:39 PM, epb <esbenbu...@gmail.com> wrote: > > > Hi > > > I am using the app engine rest server module to access different > > instances of a datamodel on my GAE app. Login is required on the app > > but I would like the system to use instance-wise authentication so > > that only a specific set of users A (and not all users) has access to > > a specific datamodel instance B via the rest server interface. Fx. the > > datamodel instance with key 1234 can only be accessed by a specfic set > > of users viahttp://myapp.com/rest/DATAMODELNAME/1234, both with HTTP > > GET and POST/PUT. Can this be done? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to google-appengine@googlegroups.com To unsubscribe from this group, send email to google-appengine+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
