On Feb 8, 2011, at 6:05 AM, Martijn Moeling wrote: > Michael, > > > I took a look at the recipe you indicated, it looks promising but the check > should be constructed from database results. Another issue is that this > project is implemented in my web based desktop/Os which uses SQLAlchemy from > the bottem up. So modifiing the session object globally is with a > PreFilteredQuery is not a real option. Creating a session for this "program" > only might be an option but I am not sure how that will turn out.
Well a MapperExtension is also "global" to that class. Subclassing Query with rules for a specific mapper is fairly easy to isolate to those use cases. > > Being it a web based (and so Handle request and die), Persistence is (to me) > not very usefull and I need to "reload" everything for every action. That is typical for a web application. > > the @reconstructor hook seems too outdated. I moved to 0.6.6 last week, and > only will upgrade to stable/production versions since in my case there is a > lot to it. @reconstructor is a standard feature since 0.5 and continues to be. > > I need to transparently add "being queried" functionality to mapped objects. > This functionality is will be mixed in and should be able to limit the > results when being queried. Since my class definitions are so complex I would > like to make a (not functional) example on what I am in search of. and I will > not bother you with chemistry stuff... > > > user = ME, GROUPS = [Everyone] > > A query for Session.query(Persons).all() should NOT return Person.Id although > Everyone says True, personal Permissions overrule group permissions , simple > boolean operations. If no ACLs are found It all defaults to false or true not > sure yet on how this will work on my real data model, since this will be the > model on which atoms and molecule connections are "Allowed" > > If However the ACL's turn out that ME.MayRead = T, I will only get related > addresses I actually may read. This should "work" automatically for each > class with Mixedinstuff inherited.... > > This is whilst I do not want the "Users" of this model to be bothered with > this, the should add data to their model and query to generate list of > possible new molecules. > > I am some sort of clueless on how to do this properly > > the MapperExtention.append_result still seems the best way... > > if calculate_ACLs(Session = object_session(self), tablename = > instance.__tablename__, TableId = instance.__=TableId__, CheckFor = ME, Right > = "MayRead" ): > EXT_CONTINUE > else: > EXT_STOP > > Dont you? I guess what you're expressing is that your ACL rules need to fire off using Python code, not SQL expressions. The whole thing seems quite awkward to me since there's nothing to stop someone from saying Query(MyACLObject.id, MyACLObject.name, ...), etc., they get all the data from the ACL row anyway, or similarly if they were to say Query(SomeClass, SomeOtherClass, MyACLObject) using a join, again the append_result() hook isn't used. If it were me I'd be using some filter function around query() in an explicit sense to do it, but this is just a matter of style. The hook will work fine if its limitations are OK with you. -- You received this message because you are subscribed to the Google Groups "sqlalchemy" group. To post to this group, send email to sqlalchemy@googlegroups.com. To unsubscribe from this group, send email to sqlalchemy+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/sqlalchemy?hl=en.
