On Monday, September 8, 2014 4:47:57 AM UTC-4, Leonel Câmara wrote: > > Frankly, I would just store the user as the owner in all of those tables. > Probably using auth.signature(). > > You could do a very inefficient recursive select but I don't see any > advantage. > > Something like: > > task = db.tasks[5] > > if task.job.project.owner != auth.user_id: # You are doing a select for > each dot you see here: > raise HTTP(403) # Forbidden >
Before you go storing the user id in every table, you should check the timing on the above query, and make the decision based on expected app usage. While the above isn't the most efficient, if will probably be only a few milliseconds, and if this app doesn't have heave traffic or this operation isn't very frequent, the inefficiency may be fine. You could also see if it's faster to do a single multi table join rather than the recursive select shown above (though the above is easier to write and understand, so may not be worth making the change anyway). Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
