是否有推荐的做法或框架来使用 google-app-engine db.Model (和/或 ndb.Model) 实现记录级别权限和属性级别可见性?
我已阅读有关模型挂钩的信息,但我很想看看是否有现有的推荐最佳实践来执行此操作。
class Person(db.Model):
first_name = db.StringProperty()
last_name = db.StringProperty()
city = db.StringProperty()
# Record level permissions:
# "top" visible only to managers
# "medium" visible to managers & supervisors
# "none" visible to all (unless other permissions restrict)
secrecy = db.StringProperty(required=True, choices=set(["top", "medium", "none"]))
birth_year = db.IntegerProperty() # Accessible only with "Manager" permission
height = db.IntegerProperty() # Writable only with "Supervisor" permission
对此的更多上下文 - 我需要这些权限检查是模型级别的,因为我希望允许用户通过简单的 JavaScript RPC 调用执行任意 GQL 查询和 DML。