What is the best way pre filter user access for sqlalchemy queries?

Posted by steve on Stack Overflow See other posts from Stack Overflow or by steve
Published on 2010-05-21T20:41:08Z Indexed on 2010/05/22 5:50 UTC
Read the original article Hit count: 199

Filed under:
|
|

I have been looking at the sqlalchemy recipes on their wiki, but don't know which one is best to implement what I am trying to do.

Every row on in my tables have an user_id associated with it. Right now, for every query, I queried by the id of the user that's currently logged in, then query by the criteria I am interested in. My concern is that the developers might forget to add this filter to the query (a huge security risk). Therefore, I would like to set a global filter based on the current user's admin rights to filter what the logged in user could see.

Appreciate your help. Thanks.

© Stack Overflow or respective owner

Related posts about sqlalchemy

Related posts about filter