I have been thinking about this again.
Doing perm checking in code (I use Python) has the advantage that you can do logging:
def has_perm(item, user):
if user.is_superuser:
logger.debug('Access to %s for %s allowed, since user is superuser' % (item, user))
return True
if ...:
logger.debug('Access to %s for %s allowed, since ...' % (item, user))
logger.debug('Access to %s for %s not allowed.' % (item, user))
return False
We use this sometimes for debugging. This way I can see why a user is allowed to access an object or not.
This is an argument for permission checking in code.
On the other side I still think perm checking in SQL WHERE has more benefits.
Regards,
Thomas Güttler
--
Thomas Guettler http://www.thomas-guettler.de/