Secure data access
We need to design a clear pattern for secure access to data in DB.
Currently we have db/api.py module where we filter some types of objects by project id. This approach doesn't seem to be maintainable and flexible enough.
Here's a list of the ideas we could try:
1. Build a Secure DB API on top of regular DB API that would be aware of Mistral security context and transparently apply all needed filtering for all secure objects.
2. Implement a decorator @secure_object that would do similar logic so that we could apply it for DB models (or DB access methods).
Blueprint information
- Status:
- Complete
- Approver:
- Renat Akhmerov
- Priority:
- Medium
- Drafter:
- Renat Akhmerov
- Direction:
- Needs approval
- Assignee:
- Renat Akhmerov
- Definition:
- Approved
- Series goal:
- Accepted for kilo
- Implementation:
- Implemented
- Milestone target:
- 2015.1
- Started by
- Renat Akhmerov
- Completed by
- Renat Akhmerov
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Working on secure DB access layer
Addressed by: https:/
Working on secure DB layer
Addressed by: https:/
Working on secure DB access (part 3)
Addressed by: https:/
Working on secure DB access (part 4)