Hi all,

I would like to ask what the common way is of handling role-based security with Google App Engine, Python?

In app.yaml there is the "login" setting, but the only available values are "admin" and "required".

How do you normally handle role-based security?

  • Create the model with two tables: Roles and UserRoles
  • Import values into the Roles table
  • Manually add users to UserRoles
  • Check whether the user is in the right Roles group

If you have any other idea or method for role-based security, please let us know!

+2  A: 

I would do this by adding a ListProperty for roles to the model representing users. The list contains any roles a given user belongs to. This way, if you want to know whether a given user belongs to a given role (which I expect is the most common operation), it is a fast membership test.

You could put the role names directly into the lists as strings, or add a layer of indirection to another entity specifying the details about the role so that it is easy to change those details later. But this has the runtime cost of an additional RPC to fetch the details about the role.

The downside to this method comes if you want to remove all users from a given role, or perform any other kind of global operation. I suppose you could mark a role 'deleted', but then you still have data cluttering up all your user models until you clean them up manually. So I am curious to hear what others suggest.

Brandon Thomson
+1. If you want to modify all users with a role, you can do a query on the ListProperty, the same as if it were a regular property, to find all users with that role.
Nick Johnson
So it means that there are no dedicated ways to deal with role-based security in GAE with Python? We still have to handle it manually?
sfa
Correct - though I'm not sure what a 'dedicated' solution would even look like, given the wide variety of authentication needs people have.
Nick Johnson
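The pattern from the answer and the comments above, written out as an added example (not code from the original post, and not App Engine's own API): a list of role names stored on each user entity, a fast in-memory membership test that doubles as the "check whether the user is in the right Roles group" step from the question, the "all users with role X" query Nick Johnson describes, and the global "remove a role from everyone" operation the answer flags as awkward. The in-memory `Datastore` class, the `Forbidden` exception, the `require_role` decorator and the sample users are assumptions made for the example so it runs offline; on App Engine the equivalents would be `roles = db.ListProperty(str)` on a `db.Model` subclass and `User.all().filter('roles =', role)` for the query. The role check always runs against the server-side identity, never against anything the request supplies.

```python
"""Role lists on the user entity: membership test, membership query,
and a default-deny handler guard.

Added illustration. `Datastore`, `Forbidden`, `require_role` and the
sample users are assumptions for the example, standing in for the
App Engine datastore, `db.ListProperty(str)` and
`User.all().filter('roles =', role)`.
"""
from dataclasses import dataclass, field
from functools import wraps
from typing import Callable, Dict, Iterable, List, Optional


class Forbidden(Exception):
    """Raised when the current user lacks the required role."""


@dataclass
class User:
    # On App Engine: `email = db.StringProperty()`, `roles = db.ListProperty(str)`.
    email: str
    roles: List[str] = field(default_factory=list)

    def has_role(self, role: str) -> bool:
        # Membership test on the already-loaded entity: no extra RPC,
        # which is the point of keeping roles on the user record.
        return role in self.roles


class Datastore:
    """Tiny in-memory stand-in for the datastore, keyed by e-mail."""

    def __init__(self, users: Iterable[User] = ()):
        self._users: Dict[str, User] = {u.email: u for u in users}

    def get(self, email: str) -> Optional[User]:
        return self._users.get(email)

    def users_with_role(self, role: str) -> List[User]:
        # Equivalent of `User.all().filter('roles =', role)`: an equality
        # filter on a list property matches any element, so every member is found.
        return sorted((u for u in self._users.values() if role in u.roles),
                      key=lambda u: u.email)

    def remove_role_everywhere(self, role: str) -> int:
        # The "global operation" the answer worries about: find the members
        # via the query, then rewrite each entity. Returns the number changed.
        members = self.users_with_role(role)
        for u in members:
            u.roles = [r for r in u.roles if r != role]
        return len(members)


def require_role(role: str, current_user: Callable[[], Optional[User]]):
    """Handler decorator: deny by default unless the server-side identity
    (e.g. users.get_current_user() plus a datastore lookup) carries `role`.
    The role name is never taken from the request."""
    def decorator(handler):
        @wraps(handler)
        def guarded(*args, **kwargs):
            user = current_user()
            if user is None or not user.has_role(role):
                raise Forbidden(f"{role!r} required")
            return handler(*args, **kwargs)
        return guarded
    return decorator


# Constructed sample data for the example.
STORE = Datastore([
    User("alice@example.com", ["admin", "editor"]),
    User("bob@example.com", ["editor"]),
    User("carol@example.com", []),
])


def demo(actor_email: str) -> str:
    """Invoke an 'editor'-only handler as `actor_email`; return 'ok' or 'denied'."""
    def current_user() -> Optional[User]:
        # Stands in for users.get_current_user() followed by a datastore get.
        return STORE.get(actor_email)

    @require_role("editor", current_user)
    def publish_post() -> str:
        return "ok"

    try:
        return publish_post()
    except Forbidden:
        return "denied"


if __name__ == "__main__":
    print(demo("bob@example.com"), demo("carol@example.com"), demo("nobody@example.com"))
    print([u.email for u in STORE.users_with_role("editor")])
    print(STORE.remove_role_everywhere("editor"), STORE.users_with_role("editor"))
```

An unknown or anonymous user is denied the same way as a known user without the role, so a missing lookup cannot fall through to "allowed". Removing a role still means touching every member entity, which is exactly the clean-up cost the answer describes; the query only makes finding those entities cheap.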