Re: [GENERAL] Row based permissions: at DB or at Application level?

From: vinny
Subject: Re: [GENERAL] Row based permissions: at DB or at Application level?
Date:
Msg-id: 243e21bb8560e26829fe2a910ed05a37@xs4all.nl
In reply to: [GENERAL] Row based permissions: at DB or at Application level?  (Thomas Güttler <guettliml@thomas-guettler.de>)
Responses: Re: [GENERAL] Row based permissions: at DB or at Application level?
List: pgsql-general

On 2017-07-25 11:40, Thomas Güttler wrote:
> I would like to reduce the "ifing and elsing" in my python code (less
> conditions, less bugs, more SQL, more performance)
>
> Regards,
>   Thomas Güttler
>

A quick brainstorm:

You could, probably...
but you'd have to create a separate database user for every Django user,
get Django to connect to the database as that user
and set up policies for each of those users, for every use-case.

When I look at an example policy from the manual:

CREATE POLICY fp_u ON information FOR UPDATE
   USING (group_id <= (SELECT group_id FROM users WHERE user_name = current_user));

I'm not sure if this is any less bug-sensitive than an IF in Python...
And don't forget you have to interpret any error-response from the
database into something that Django can make understandable to the
end-user.

I'm not saying row-level security is bad, far from it, but I doubt that
using it to replace Django's own security is going to magically make
life much easier.
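
The setup this message describes, as an added example that is not part of the original post: one database role per application user, the quoted policy, and the two different outcomes the application has to interpret. The role names, table contents and the use of SET ROLE in place of a separate connection are assumptions made for the demo.

```sql
-- Constructed demo; run as a superuser in a scratch database.
-- Role names and row values are made up for illustration.
CREATE ROLE app_alice NOLOGIN;   -- one database role per application user
CREATE ROLE app_bob   NOLOGIN;

-- user_name must equal the role name, because the policy compares it
-- with current_user.
CREATE TABLE users (user_name text PRIMARY KEY, group_id int NOT NULL);
INSERT INTO users VALUES ('app_alice', 5), ('app_bob', 2);

CREATE TABLE information (info text, group_id int NOT NULL);
INSERT INTO information VALUES ('barely secret', 1), ('very secret', 5);

-- Policies have no effect until RLS is enabled on the table. The table
-- owner bypasses them unless FORCE ROW LEVEL SECURITY is set, and
-- superusers and BYPASSRLS roles always bypass them.
ALTER TABLE information ENABLE ROW LEVEL SECURITY;

CREATE POLICY fp_s ON information FOR SELECT
   USING (group_id <= (SELECT group_id FROM users WHERE user_name = current_user));
CREATE POLICY fp_u ON information FOR UPDATE
   USING (group_id <= (SELECT group_id FROM users WHERE user_name = current_user));

-- The policy subquery runs with the caller's privileges, so each role needs
-- SELECT on users. It must never get write access to users, or it could
-- raise its own group_id.
GRANT SELECT ON users TO app_alice, app_bob;
GRANT SELECT, UPDATE ON information TO app_alice, app_bob;

SET ROLE app_bob;                -- stands in for "connect as that user"

-- Only rows with group_id <= 2 are visible to app_bob.
SELECT info, group_id FROM information;

-- Case 1: the target row is filtered out by USING. The statement succeeds
-- and matches no rows, so no error reaches the application; it has to
-- check the affected-row count to notice that nothing was changed.
UPDATE information SET info = 'changed' WHERE group_id = 5;

-- Case 2: the row is visible, but the new row fails the policy (with no
-- WITH CHECK clause, USING is applied to the new row as well). PostgreSQL
-- raises a row-level security violation, which the application has to
-- translate into a message for the end user.
UPDATE information SET group_id = 5 WHERE group_id = 1;

RESET ROLE;
```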

