2

Is there a recommended practice or framework to achieve record-level permissions and attribute-level visibility with google-app-engine db.Model (and/or ndb.Model)?

I have read about model-hooks, but I would love to see if there is an existing recommended best-practice to do this.

from google.appengine.ext import db


class Person(db.Model):
    first_name = db.StringProperty()
    last_name = db.StringProperty()
    city = db.StringProperty()

    # Record level permissions:
    #  "top" visible only to managers
    #  "medium" visible to managers & supervisors
    #  "none" visible to all (unless other permissions restrict)
    secrecy = db.StringProperty(required=True, choices=set(["top", "medium", "none"]))

    birth_year = db.IntegerProperty()  # Accessible only with "Manager" permission
    height = db.IntegerProperty()  # Writable only with "Supervisor" permission

Some more context to this - I need these permission checks to be model level since I want to allow users to execute arbitrary GQL queries and DMLs via a simple JavaScript RPC call.

anups

1 Answer

1

For entity-level (= record-level) permissions you should look into the Namespaces API. AFAIK, there is no out-of-the-box solution for property-level permissions - you'd have to code this yourself.

Note, namespaces work by adding a namespace to the entity key. This means you will not be able to do cross-namespace queries and to get an entity you'll need to know its namespace (along with kind, parent and id/name).

Namespaces are an effective way to achieve multitenancy, e.g. a way to have totally separate customers use the same GAE app, preventing a possibility that a code error would expose one customer's data to the other customer.

Peter Knego
  • Thanks, but as you pointed out - Namespaces are best used for multitenancy and I intend to use it for the same. – anups Feb 08 '13 at 20:58
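
An added example, not part of the original question or answer: one way to hand-code the record-level and property-level checks from the question so that they run server-side on every RPC result and update. Plain dicts stand in for `Person` entities; the role names, the helper names, `query_fields` (the properties a query filters or sorts on, supplied by the caller) and the write rules for `birth_year` and `secrecy` are assumptions.

```python
# Added example: dicts stand in for Person entities; role and helper names, the
# sample records and the birth_year/secrecy write rules are assumptions.
RECORD_READERS = {"top": {"manager"},                  # secrecy -> roles
                  "medium": {"manager", "supervisor"},
                  "none": None}                        # None: every caller
READ_REQUIRES = {"birth_year": "manager"}
WRITE_REQUIRES = {"birth_year": "manager", "height": "supervisor", "secrecy": "manager"}
FIELDS = {"first_name", "last_name", "city", "secrecy", "birth_year", "height"}


class PermissionDenied(Exception):
    pass


def can_see(record, roles):
    readers = RECORD_READERS.get(record.get("secrecy"), set())  # unknown label: hidden
    return readers is None or bool(readers & set(roles))


def can_read(field, roles):
    needed = READ_REQUIRES.get(field)
    return field in FIELDS and (needed is None or needed in roles)


def visible_results(records, roles, query_fields=()):
    # Filtering or sorting on an unreadable property would reveal its values
    # through which rows match, so such queries are refused outright.
    for field in query_fields:
        if not can_read(field, roles):
            raise PermissionDenied("cannot query on %s" % field)
    return [{k: v for k, v in r.items() if can_read(k, roles)}
            for r in records if can_see(r, roles)]


def apply_update(record, changes, roles):
    if not can_see(record, roles):
        raise PermissionDenied("record not visible")
    for field in changes:  # validate every change before applying any of them
        needed = WRITE_REQUIRES.get(field)
        if field not in FIELDS or (needed is not None and needed not in roles):
            raise PermissionDenied("cannot write %s" % field)
    return dict(record, **changes)


PEOPLE = [  # constructed sample records
    {"first_name": "Ann", "secrecy": "top", "birth_year": 1970},
    {"first_name": "Bob", "secrecy": "medium", "birth_year": 1980},
    {"first_name": "Cy", "secrecy": "none", "birth_year": 1990},
]
```

Because callers can send arbitrary queries, these checks belong in the server-side RPC handler, applied to every result set and every update before anything is returned or stored.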