What is the best way pre filter user access for sqlalchemy queries?
Posted
by steve
on Stack Overflow
See other posts from Stack Overflow
or by steve
Published on 2010-05-21T20:41:08Z
Indexed on
2010/05/22
5:50 UTC
Read the original article
Hit count: 199
I have been looking at the sqlalchemy recipes on their wiki, but don't know which one is best to implement what I am trying to do.
Every row on in my tables have an user_id associated with it. Right now, for every query, I queried by the id of the user that's currently logged in, then query by the criteria I am interested in. My concern is that the developers might forget to add this filter to the query (a huge security risk). Therefore, I would like to set a global filter based on the current user's admin rights to filter what the logged in user could see.
Appreciate your help. Thanks.
© Stack Overflow or respective owner