Re: Django admin without Groups and Permissions. Can "groups and permissions" tables become a bottleneck?
40 views
Skip to first unread message
Message has been deleted
Mike Dewhirst
Apr 3, 2018, 10:46:53 PM4/3/18
to django...@googlegroups.com, Mateusz Kurowski
On 4/04/2018 6:14 AM, Mateusz Kurowski wrote:
> I don't need groups and permissions, but i want to use django admin.
> Ive created this simple AbstractSuperUser that looks to solve this
> case. But i wonder if thats best idea.
>
> Can "groups and permissions" tables become a bottleneck in the future
> even if i dont use any groups and permissions on any objects? I mean,
> maybe i should keep the permissions and groups in case i will use them
> in the future? i guess it wont generate extra db queries if i wont ask
> for permissions ? What if my application has 100k users?
IMO future bottlenecks should be dealt with in future. It would
definitely be more difficult to strip groups and permissions out of the
Admin than to leave them in.
If you are not going to use them just make every user a superuser. Admin
superusers automatically get permission to do everything without
permissions needing to be checked.
In future if you decide you do need groups and permissions it doesn't
necessarily mean extra db queries. Consider that groups and permissions
filters can usually be integrated into a single db query and if that
results in a smaller fetch from the database it should be quicker not
slower.
My advice is to keep them because they are fantastic and don't worry
about performance until it noticeably decreases. At that point you can
profile your code and detect the real bottlenecks. My guess is it won't
be permissions and groups but rather some other db issues.
Cheers
Mike
> '
> class AbstractSuperUser(models.Model): """ Abstract base class implementing superuser. Use this when you
> need django-admin without Groups and Permissions. """ is_staff= models.BooleanField(default=False) is_superuser= models.BooleanField(default=False) class Meta: abstract= True def permission_check(self): # we have to check for `is_active`
> # attribute, because we don't define # this attribute on this class if
> hasattr(self, 'is_active'): # inactive user has no permissions if not
> self.is_active: return False # superuser has all permissions if self.is_superuser: return True return False def has_perm(self, *args, **kwargs): return
> self.permission_check() def has_perms(self, *args, **kwargs): return
> self.permission_check() def has_module_perms(self, *args, **kwargs):
> return self.permission_check() class AbstractEmailUser(AbstractBaseUser): """ An abstract base class implementing a fully featured User
> model. E-mail address and password are required. By default User is
> inactive. Examples: `` Basic user model with custom fields: class
> User(AbstractEmailUser): first_name = models.CharField() last_name =
> models.CharField() Basic user model that works with django-admin.
> class User(AbstractEmailUser, AbstractSuperUser): pass Basic user
> model that works with Groups and Permissions: class
> User(AbstractEmailUser, PermissionsMixin) pass `` """ email= models.EmailField(unique=True, max_length=255) date_joined= models.DateTimeField(auto_now_add=True) is_active= models.BooleanField(default=False) objects= UserManager() USERNAME_FIELD= 'email' EMAIL_FIELD= 'email' REQUIRED_FIELDS= [] class Meta: abstract= True verbose_name= _('user') verbose_name_plural= _('users') class User(AbstractSuperUser, AbstractEmailUser): pass
>
>
> class UserManager(BaseUserManager): """ Base Manager for our Models. Creates users with e-mail address,
> password and all your extra fields. """ use_in_migrations= True def _create_user(self, email, password, **extra_fields): """ Creation and saving User Model instance to database happens
> here. """ if not email: raise ValueError('Email must be set.') email= self.normalize_email(email) user= self.model(email=email, **extra_fields) user.set_password(password) user.save(using=self._db) return user
>
> def create_user(self, email, password=None, **extra_fields): if hasattr(self.model, 'is_staff'): extra_fields.setdefault('is_staff', False) if hasattr(self.model, 'is_superuser'): extra_fields.setdefault('is_superuser', False) if
> hasattr(self.model, 'is_active'): extra_fields.setdefault('is_active', False) return
> self._create_user(email, password, **extra_fields) def
> create_superuser(self, email, password, **extra_fields): if hasattr(self.model, 'is_staff'): extra_fields.setdefault('is_staff', True) if hasattr(self.model, 'is_superuser'): extra_fields.setdefault('is_superuser', True) if
> hasattr(self.model, 'is_active'): extra_fields.setdefault('is_active', True) return
> self._create_user(email, password, **extra_fields)
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-users...@googlegroups.com
> <mailto:django-users...@googlegroups.com>.
> To post to this group, send email to django...@googlegroups.com
> <mailto:django...@googlegroups.com>.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/e68d00c2-f719-4f93-b002-f0bc309e5197%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/e68d00c2-f719-4f93-b002-f0bc309e5197%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
> I don't need groups and permissions, but i want to use django admin.
> Ive created this simple AbstractSuperUser that looks to solve this
> case. But i wonder if thats best idea.
>
> Can "groups and permissions" tables become a bottleneck in the future
> even if i dont use any groups and permissions on any objects? I mean,
> maybe i should keep the permissions and groups in case i will use them
> in the future? i guess it wont generate extra db queries if i wont ask
> for permissions ? What if my application has 100k users?
IMO future bottlenecks should be dealt with in future. It would
definitely be more difficult to strip groups and permissions out of the
Admin than to leave them in.
If you are not going to use them just make every user a superuser. Admin
superusers automatically get permission to do everything without
permissions needing to be checked.
In future if you decide you do need groups and permissions it doesn't
necessarily mean extra db queries. Consider that groups and permissions
filters can usually be integrated into a single db query and if that
results in a smaller fetch from the database it should be quicker not
slower.
My advice is to keep them because they are fantastic and don't worry
about performance until it noticeably decreases. At that point you can
profile your code and detect the real bottlenecks. My guess is it won't
be permissions and groups but rather some other db issues.
Cheers
Mike
> '
> class AbstractSuperUser(models.Model): """ Abstract base class implementing superuser. Use this when you
> need django-admin without Groups and Permissions. """ is_staff= models.BooleanField(default=False) is_superuser= models.BooleanField(default=False) class Meta: abstract= True def permission_check(self): # we have to check for `is_active`
> # attribute, because we don't define # this attribute on this class if
> hasattr(self, 'is_active'): # inactive user has no permissions if not
> self.is_active: return False # superuser has all permissions if self.is_superuser: return True return False def has_perm(self, *args, **kwargs): return
> self.permission_check() def has_perms(self, *args, **kwargs): return
> self.permission_check() def has_module_perms(self, *args, **kwargs):
> return self.permission_check() class AbstractEmailUser(AbstractBaseUser): """ An abstract base class implementing a fully featured User
> model. E-mail address and password are required. By default User is
> inactive. Examples: `` Basic user model with custom fields: class
> User(AbstractEmailUser): first_name = models.CharField() last_name =
> models.CharField() Basic user model that works with django-admin.
> class User(AbstractEmailUser, AbstractSuperUser): pass Basic user
> model that works with Groups and Permissions: class
> User(AbstractEmailUser, PermissionsMixin) pass `` """ email= models.EmailField(unique=True, max_length=255) date_joined= models.DateTimeField(auto_now_add=True) is_active= models.BooleanField(default=False) objects= UserManager() USERNAME_FIELD= 'email' EMAIL_FIELD= 'email' REQUIRED_FIELDS= [] class Meta: abstract= True verbose_name= _('user') verbose_name_plural= _('users') class User(AbstractSuperUser, AbstractEmailUser): pass
>
>
> class UserManager(BaseUserManager): """ Base Manager for our Models. Creates users with e-mail address,
> password and all your extra fields. """ use_in_migrations= True def _create_user(self, email, password, **extra_fields): """ Creation and saving User Model instance to database happens
> here. """ if not email: raise ValueError('Email must be set.') email= self.normalize_email(email) user= self.model(email=email, **extra_fields) user.set_password(password) user.save(using=self._db) return user
>
> def create_user(self, email, password=None, **extra_fields): if hasattr(self.model, 'is_staff'): extra_fields.setdefault('is_staff', False) if hasattr(self.model, 'is_superuser'): extra_fields.setdefault('is_superuser', False) if
> hasattr(self.model, 'is_active'): extra_fields.setdefault('is_active', False) return
> self._create_user(email, password, **extra_fields) def
> create_superuser(self, email, password, **extra_fields): if hasattr(self.model, 'is_staff'): extra_fields.setdefault('is_staff', True) if hasattr(self.model, 'is_superuser'): extra_fields.setdefault('is_superuser', True) if
> hasattr(self.model, 'is_active'): extra_fields.setdefault('is_active', True) return
> self._create_user(email, password, **extra_fields)
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to django-users...@googlegroups.com
> <mailto:django-users...@googlegroups.com>.
> To post to this group, send email to django...@googlegroups.com
> <mailto:django...@googlegroups.com>.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/e68d00c2-f719-4f93-b002-f0bc309e5197%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/e68d00c2-f719-4f93-b002-f0bc309e5197%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages