What is the best way pre filter user access for sqlalchemy queries?

Posted by steve on Stack Overflow See other posts from Stack Overflow or by steve
Published on 2010-05-21T20:41:08Z Indexed on 2010/05/22 5:50 UTC
Read the original article Hit count: 195

Filed under:

sqlalchemy

|

filter

|

acl

I have been looking at the sqlalchemy recipes on their wiki, but don't know which one is best to implement what I am trying to do.

Every row on in my tables have an user_id associated with it. Right now, for every query, I queried by the id of the user that's currently logged in, then query by the criteria I am interested in. My concern is that the developers might forget to add this filter to the query (a huge security risk). Therefore, I would like to set a global filter based on the current user's admin rights to filter what the logged in user could see.

Appreciate your help. Thanks.

© Stack Overflow or respective owner

Related posts about sqlalchemy

sqlalchemy date type in 0.6 migration using mssql

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm connection to mssql server through pyodbc, via FreeTDS odbc driver, on linux ubuntu 10.04. Sqlalchemy 0.5 uses DATETIME for sqlalchemy.Date() fields. Now Sqlalchemy 0.6 uses DATE, but sql server 2000 doesn't have a DATE type. How can I make DATETIME be the default for sqlalchemy.Date() on sqlalchemy… >>> More
OperationalError "unable to open database file" processing query results with SQLAlchemy and SQLite3

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm running into this little problem that I hope is just a dumb user error. It looks like some sort of a size limit with a query to a SQLite database. I managed to reproduce the issue with an in-memory DB and a simple script shown below. I can make it work by either reducing the number of records… >>> More
Starter question of declarative style SQLAlchemy relation()

as seen on Stack Overflow - Search for 'Stack Overflow'
I am quite new to SQLAlchemy, or even database programming, maybe my question is too simple. Now I have two class/table: class User(Base): __tablename__ = 'users' id = Column(Integer, primary_key=True) name = Column(String(40)) ... class Computer(Base): __tablename__ = 'comps' … >>> More
Default class for SQLAlchemy single table inheritance

as seen on Stack Overflow - Search for 'Stack Overflow'
I've set up a single table inheritance, but I need a "default" class to use when an unknown polymorphic identity is encountered. The database is not in my control and so the data can be pretty much anything. A working example setup: import sqlalchemy as sa from sqlalchemy import orm engine = sa… >>> More
Batch select with SQLAlchemy

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a large set of values V, some of which are likely to exist in a table T. I would like to insert into the table those which are not yet inserted. So far I have the code: for value in values: s = self.conn.execute(mytable.__table__.select(mytable.value == value)).first() … >>> More

Related posts about filter

How to filter the jqGrid data NOT using the built in search/filter box

as seen on Stack Overflow - Search for 'Stack Overflow'
I want users to be able to filter grid data without using the intrinsic search box. I have created two input fields for date (from and to) and now need to tell the grid to adopt this as its filter and then to request new data. Forging a server request for grid data (bypassing the grid) and setting… >>> More
PHP Filter, how to filter input array

as seen on Stack Overflow - Search for 'Stack Overflow'
I am using PHP filter to perfom basic sanitization and validation of form data. The principle problem I am having is that I mark my form up so that all the data is in one array for the POST input. e.g. form fields, page[name], page[slug], page[body], page[status], etc. Using the following: filter_input(INPUT_POST… >>> More
Modify the filter chain - Or select servlet to respond to request using filter

as seen on Stack Overflow - Search for 'Stack Overflow'
I am trying to use a filter to map requests. I am trying to do this for two reasons, firstly to dynamically generate URI's and have them mapped to the appropriate servlet and secondly to catch URI's which are not registered and handle them appropriately. So I'm using a catch-all filter to process… >>> More
Capturing and Transforming ASP.NET Output with Response.Filter

as seen on West-Wind - Search for 'West-Wind'
During one of my Handlers and Modules session at DevConnections this week one of the attendees asked a question that I didn’t have an immediate answer for. Basically he wanted to capture response output completely and then apply some filtering to the output – effectively injecting some additional… >>> More
Subterranean IL: Filter exception handlers

as seen on Simple Talk - Search for 'Simple Talk'
Filter handlers are the second type of exception handler that aren't accessible from C#. Unlike the other handler types, which have defined conditions for when the handlers execute, filter lets you use custom logic to determine whether the handler should be run. However, similar to a catch block,… >>> More