Changes between Version 1 and Version 2 of BluePrintAuthorization

Timestamp:

06/18/10 11:53:15 (14 years ago)

Author:

Fran Boon

Comment:

Use like for multiple=True in JOIN

BluePrintAuthorization

@@ -36 +36 @@
        accessible = (table.reader_id == None)
        for role in roles:
-           accessible = accessible & (table.reader_id == role) 
+           accessible = accessible & (table.reader_id == str(role)) & (table.reader_id.like('%d|%' % role)) & (table.reader_id.like('%|%d|%' % role)) & (table.reader_id.like('%|%d' % role))
        query = deleted & accessible
     return query
@@ -47 +47 @@
     * Advantages:
      * Combines the deleted into single API call
-     * Single JOIN for optimal DB performance
-    * Disadvantage:
-     * Can we deal with Multiple=True?
+     * Single JOIN for optimal DB performance (Assumption needs testing)
    * Option 2: Do the check in Python after the initial query has returned
-    * Advantage: Allows us to process the Multiple=True field properly
+    * Advantage: Might have better performance than complex DB string?
     * Disadvantage: More records pulled from DB than necessary
   * writer_id check: All Write access goes via S3XRC so can be checked there (we can also develop an API call for Manual DAL access?)
@@ -57 +55 @@
    * We expect relatively few groups per instance, so can use the checkboxes widget?
    * Have a single checkbox for 'Restrict access' which then opens out the 2 fields.
+=== Specific Examples ===
  * A Person's Subscriptions shouldn't be visible by default.
   * Admin or themselves is OK