Role-based security with Google App Engine and Python

隐身守侯 submitted on 2020-01-13 10:34:26

Question


I would like to ask what is the common way for handling role-based security with Google App Engine, Python?

In the app.yaml, there is the "login" section, but available values are only "admin" and "required".

How do you normally handle role-based security?

  • Create the model with two tables: Roles and UserRoles
  • Import values for Roles table
  • Manually add User to UserRoles
  • Check if user is in the right Roles group

Any other idea or any other method for role-based security, please let us know!


Answer 1:


I would do this by adding a ListProperty for roles to the model representing users. The list contains any roles a given user belongs to. This way if you want to know whether a given user belongs to a given role (I expect, the most common operation), it is a fast membership test.

You could put the role names directly into the lists as strings or add a layer of indirection to another entity specifying the details about the role so it is easy to change the details later. But, this has a runtime cost of an additional RPC to fetch the details about the role.

The downside to this method comes if you want to remove all users from a given role, or perform any other kind of global operation. I suppose you could mark a role 'deleted', but then you still have data cluttering up all your user models until you clean them up manually. So I am curious to hear what others suggest.
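The approach in the answer above, as an added example that is not part of the original answer: a per-user role list, a role registry as the layer of indirection so a role marked deleted stops granting access at once, and the manual cleanup pass. It uses plain Python objects in place of datastore entities so it runs offline; `AppUser`, `ROLES`, `has_role`, `require_role`, `purge_role`, `Forbidden` and `publish` are hypothetical names.

```python
import functools

class Forbidden(Exception):
    """Raised when the caller lacks the required role (map to HTTP 403)."""

# Role registry: the layer of indirection. Marking a role deleted revokes it
# everywhere, even while stale names remain in the users' role lists.
ROLES = {"editor": {"deleted": False}, "auditor": {"deleted": False}}

class AppUser(object):
    """Stand-in for the user entity (assumption: not a real datastore model)."""
    def __init__(self, email, roles=()):
        self.email = email
        self.roles = list(roles)  # would be the ListProperty on App Engine

def has_role(user, role):
    """Deny by default: no user, unknown role or deleted role gives False."""
    meta = ROLES.get(role)
    if user is None or meta is None or meta["deleted"]:
        return False
    return role in user.roles  # the fast membership test

def require_role(role):
    """Decorator for handlers that take the current user as first argument."""
    def wrap(fn):
        @functools.wraps(fn)
        def inner(user, *args, **kwargs):
            if not has_role(user, role):
                raise Forbidden("role %r required" % role)
            return fn(user, *args, **kwargs)
        return inner
    return wrap

def purge_role(users, role):
    """Cleanup pass: strip a role from every user, return how many changed."""
    changed = 0
    for u in users:
        if role in u.roles:
            u.roles = [r for r in u.roles if r != role]
            changed += 1
    return changed

@require_role("editor")
def publish(user, title):
    return "%s published %s" % (user.email, title)
```

The check runs on the server for every call, so a handler without the decorator is the gap to look for in review.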



Source: https://stackoverflow.com/questions/1448308/role-based-security-with-google-app-engine-and-python
