5

I would like to ask what is the common way for handling role-based security with Google App Engine, Python?

In the app.yaml, there is the "login" section, but available values are only "admin" and "required".

How do you normally handle role-based security?

  • Create the model with two tables: Roles and UserRoles
  • Import values for Roles table
  • Manually add User to UserRoles
  • Check if user is in the right Roles group

Any other idea or any other method for role-based security, please let us know!

Hoang Pham
  • 6,899
  • 11
  • 57
  • 70

1 Answers1

4

I would do this by adding a ListProperty for roles to the model representing users. The list contains any roles a given user belongs to. This way if you want to know whether a given user belongs to a given role (I expect, the most common operation), it is a fast membership test.

You could put the role names directly into the lists as strings or add a layer of indirection to another entity specifying the details about the role so it is easy to change the details later. But, this has a runtime cost of an additional RPC to fetch the details about the role.

The downside to this method comes if you want to remove all users from a given role, or perform any other kind of global operation. I suppose you could mark a role 'deleted', but then you still have data cluttering up all your user models until you clean them up manually. So I am curious to hear what others suggest.

gravitation
  • 1,939
  • 2
  • 21
  • 26
  • +1. If you want to modify all users with a role, you can do a query on the listproperty the same as if it were a regular property to find all users with that role. – Nick Johnson Sep 19 '09 at 15:26
  • so it means that there are no dedicated ways to deal with role-based security from GAE with Python? we still have to handle it manually? – Hoang Pham Sep 19 '09 at 16:56
  • Correct - though I'm not sure what a 'dedicated' solution would even look like, given the wide variety of authentication needs people have. – Nick Johnson Sep 20 '09 at 11:08