Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Why permission must be str or Enum? #158

Open
AlexanderMartynoff opened this issue May 6, 2018 · 6 comments
Open

Why permission must be str or Enum? #158

AlexanderMartynoff opened this issue May 6, 2018 · 6 comments

Comments

@AlexanderMartynoff
Copy link

AlexanderMartynoff commented May 6, 2018

What if more complex cases are needed?

@asvetlov
Copy link
Member

asvetlov commented May 6, 2018

Please describe your case

@AlexanderMartynoff
Copy link
Author

Ok. What if I want to check for multiple privileges? For example:

@has_permission([Permission.WRITE, Permission.DELETE], context)
def do(request):
    ...

Or maybe even more complex needs - not a set of privileges, but a predicate (which can have any type). Because it may be necessary to combine privileges with AND or OR.

@asvetlov
Copy link
Member

asvetlov commented May 8, 2018

It is another problem.
Passing predicate to query unknown storage looks weird. Also, it overcomplicates code reading and debugging.

Django checks for single permission only: https://docs.djangoproject.com/en/2.0/topics/auth/default/#default-permissions
Pyramid does the same: https://docs.pylonsproject.org/projects/pyramid/en/latest/api/request.html#pyramid.request.Request.has_permission

Why aiohttp-security should overcomplicate its API?

@AlexanderMartynoff
Copy link
Author

AlexanderMartynoff commented May 10, 2018

It will not be necessary to complicate the API - only removing the restriction on the type of permissions.

Under the predicate, I meant something like this:

@has_permission (WRITE || READ, context)
def do (request):
     ...

or

@has_permission (WRITE & DELETE, context)
def do (request):
     ...

Where:

READ, WRITE, DELETE - instances of some type (for example, Predicate), combinations using the &, || they are also predicates.

This is what I would like to do in my project, and I'm stopped only by the restriction on the type of the first argument to the has_permission function.

@asvetlov
Copy link
Member

WRITE ^ DELETE? I feel it makes a mess.

@AlexanderMartynoff
Copy link
Author

Sorry for long time answer. I will not argue. But I wanted to know what the mess you mean?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants