使用Google App Engine和Python的基于角色的安全性 [英] Role-based security with Google App Engine and Python
问题描述
我想问一下使用Google App Engine,Python处理基于角色安全的常见方式是什么?
在app.yaml中,有登录部分,但可用的值只有admin和required。
您通常如何处理基于角色的安全性?
- 使用两个表创建模型:角色和用户角色
- 导入角色表的值
- 手动添加用户到UserRoles
- 检查用户是否在正确的角色组中
任何其他想法或任何其他基于角色的安全方法,请告诉我们!
我会通过添加一个ListProperty用于表示用户的模型的角色。该列表包含给定用户所属的任何角色。这样,如果你想知道给定的用户是否属于某个特定的角色(我预料,这是最常见的操作),那么这是一种快速的会员测试。
你可以将角色名称直接放入列表中作为字符串,或者向另一个实体添加一个间接层以指定角色的详细信息,以便稍后更改细节。但是,这有一个额外的RPC的运行时间成本,用于获取有关该角色的详细信息。
如果您想从给定的用户中删除所有用户角色或执行任何其他类型的全局操作。我想你可以将一个角色标记为已删除,但是你仍然有数据凌乱了你的所有用户模型,直到你手动清除它们。所以我很好奇听到别人的建议。
I would like to ask what is the common way for handling role-based security with Google App Engine, Python?
In the app.yaml, there is the "login" section, but available values are only "admin" and "required".
How do you normally handle role-based security?
- Create the model with two tables: Roles and UserRoles
- Import values for Roles table
- Manually add User to UserRoles
- Check if user is in the right Roles group
Any other idea or any other method for role-based security, please let us know!
I would do this by adding a ListProperty for roles to the model representing users. The list contains any roles a given user belongs to. This way if you want to know whether a given user belongs to a given role (I expect, the most common operation), it is a fast membership test.
You could put the role names directly into the lists as strings or add a layer of indirection to another entity specifying the details about the role so it is easy to change the details later. But, this has a runtime cost of an additional RPC to fetch the details about the role.
The downside to this method comes if you want to remove all users from a given role, or perform any other kind of global operation. I suppose you could mark a role 'deleted', but then you still have data cluttering up all your user models until you clean them up manually. So I am curious to hear what others suggest.
这篇关于使用Google App Engine和Python的基于角色的安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
