
The Pit of Success for Per-Object Permissions in Django

Description

Privacy is important, but permissions are hard. Moreover, the Django permission framework only supports subject-verb relation guards (does someone have permission to write) but not subject-verb-object relations (does someone have permission to write in this table). Existing Django middleware extensions such as django-guardian and django-rules address this, but they require manual and explicit permission checking for every access.

Wouldn’t it be nice if Model.objects.all() automatically returned only the set of objects which the active requesting user had permission to see? Or, if you tried to save a change to a model object, you’d automatically get an error if the user doesn’t have the appropriate permissions? For this purpose, I developed a tool that does all of this as an easy-to-install, easy-to-configure middleware with acceptable runtime overhead. It provides security-by-design, because it automatically takes permissions into account system-wide. Through that, it drastically reduces the possibility of high-impact bugs and declutters the code from privacy checks. In this talk, I’ll showcase how one can hook into Models, Managers and Descriptors to enable the ‘magic’ behind this framework. I’ll also discuss key performance considerations as well as our experience running it in production.
