1

I have a settings app inside my project, and every record in DB table that this app uses, represents particular setting. And it is important that settings always must be consistent, so Im looking for way to protect them from accidental deletion by admin-panel users, or by buggy code.

Another cases for this feature might be - error messages stored in DB and available for editing in admin-site or templates for email messages for web-site users.

Possible solutions that I have in mind:
- Store each setting as table column or multiple columns, so the table will extends column-wise, not row-wise. Pros - simple, reliable, Cons - ugly
- DB-side solution.
- Implement some kind of permissions system which will control access for CRUD operations based on objects ownership, like file system permissions in Linux. Pros - less ugly, abstract from DB, Cons - I have no idea yet how to make easy and elegant implementation of it for Django.

Does anybody have better ideas?

Gill Bates
  • 14,330
  • 23
  • 70
  • 138

3 Answers3

1

The short answer is: if you don't want someone to have certain database abilities don't grant them. It appears that you are thinking there are admin panel superusers and everyone else.

Django allows much more fine grained control over Users, Permissions, Authorization, and even Admin Panel privileges. Indeed, too much control to elaborate here when the documentation does such a good job of it.

msw
  • 42,753
  • 9
  • 87
  • 112
  • What if admin is technologically illiterate (not only pythonistas uses web-sites)? Or if during deploy some data will become inconsistent, it might cause functionality degradation. – Gill Bates Oct 04 '13 at 14:29
  • I don't mean to be dismissive, but it is very difficult to code around social issues like "administrator incompetence". Such problems are is wildly resistant to technical solutions. – msw Oct 04 '13 at 15:44
  • 1
    The "hack" for this would be something along the lines of note to the customer saying "I am giving you superuser privileges at your request. Please be aware that this gives you the power to hose the system I built for you; Sicromoft can't be responsible for damage you do to your own system'. I'm sure a lawyer would phrase that more nicely than I. – msw Oct 04 '13 at 15:48
  • Dead link, 404. – jlandercy Nov 27 '22 at 08:36
0

In Django there is no real built-in way (that I am aware of) that prevents "accidental deletion". If you are using the admin, they do provide confirmation pages whenever you want to delete a record that can help curb the potential problem. As @msw mentioned, the user authentication system is designed to help you enforce permissions, but would not prevent accidental deletions if the individual has the proper permission to begin with...

...an alternative strategy would be to prevent deletions on the database entirely (at the web application level). You can give the "illusion" of a delete from the user's perspective by flagging and filtering out any "deleted" records to your user. That way, restoring information would be as simple as toggling/resetting the flag in the record. You would have to override the proper deletion signals as well.

Joseph Paetz
  • 876
  • 1
  • 7
  • 12
  • The alternative strategy (though clever) seems really scary in practice: "But I deleted that entry!?!" "No, it only looks like you deleted it to you, I see it fine. "Argh!" (±0) – msw Oct 04 '13 at 13:56
  • That's a potential problem if the users of the system were aware of the implementation details. I think you will find it a welcomed feature in the long run. Imagine the other concerns it simultaneously addresses (i.e. a disgruntled employee running rampant with their permissions, deleting everything they can the day before they quit). This should be no more scary than a file backup system that keeps a copy of the file even if it is deleted on the system it is backing up. – Joseph Paetz Oct 04 '13 at 15:09
0

I'm not sure I completely understood your question, but here it goes:

I see two ways of protecting a model for being deleted:

  • Override the delete() method, and make it check a set of rules that enforce the consistency you require. E.g. if one of the consistency rules fail, you raise an exception to be properly handled.
  • The other is through autorization, aka permissions. You can manage permissions users have to delete particular models, as explained in this answer.

I notice that Django default permissions API does not support specific object's permissions, only permissions applied on models. However, there are third-party apps that provide this, such as this one.

Community
  • 1
  • 1
Jorge Leitao
  • 19,085
  • 19
  • 85
  • 121