The Pit of Success for Per-Object Permissions in Django

Oct 22 3:49 PM CDT :calendar:
Audience level: Intermediate

About This Talk

Privacy is important, but permissions are hard. Even more, the Django permission framework only supports subject-verb relation guards (does someone have permission to write) but not subject-verb-object relations (does someone have permission to write in this table). Other existing Django middleware extensions such as django-guardian and django-rules address this, but require manual and explicit permission checking for every access.

Wouldn’t it be nice if Model.objects.all() automatically only returned the set of objects which the active requesting user had permission to see? Or, if you tried to save a change to a model object you’d automatically get an error if the user doesn’t have the appropriate permissions? For this purpose, I developed a tool to do all of this as an easy-to-install and configure middleware with acceptable runtime overhead. It provides security-by-design, because it automatically takes permissions into account system-wide. Through that, it drastically reduces the possibility of high impact bugs and declutters the code from privacy checks. In this talk, I’ll showcase how one can hook into Models, Managers and Descriptors to enable the ‘magic’ behind this framework. I’ll also discuss key performance considerations as well as our experience running it in production.


    Photo of Madelaine Boyd

    Madelaine Boyd

    Madelaine is currently at building an immediately productive, shareable cloud database. Previously, she built and led a team to improve the end-to-end containerization, deployment, and orchestration of Facebook’s private cloud, and built both software and firmware for ML-powered hearing aids. She’s worked on everything from mobile infrastructure and compilers, to front-end product, even Windows Desktop software. However, Madelaine’s technical accomplishment of which she is most proud was when she changed her job title to zalgo text and broke Facebook HR’s data pipelines. She once won a rap battle by rhyming with “vim.”