我正在搜索有关如何使用ndb挂钩实现对Google应用引擎应用程序的行级访问的一些提示。据我所知,没有开箱即用的授权,所以我确实为模型添加了三个属性:can_put,can_get和can_delete。 然后我添加了三个ndb挂钩:_pre_put_hook(),_ pre_get_hook()和_pre_delete_hook()。
PUT确实有效,但GET会引发RuntimeError(最大递归)。
如何通过最大递归问题?
到目前为止,我确实有以下型号:
import logging
import endpoints
from google.appengine.ext import ndb
class Location(ndb.Model):
name = ndb.StringProperty(required=True)
description = ndb.TextProperty()
address = ndb.StringProperty(required=True)
can_put = ndb.UserProperty(repeated=True)
can_get = ndb.UserProperty(repeated=True)
can_delete = ndb.UserProperty(repeated=True)
created = ndb.DateTimeProperty(auto_now_add=True)
modified = ndb.DateTimeProperty(auto_now=True)
def _pre_put_hook(self):
current_user = endpoints.get_current_user()
if not current_user:
logging.debug("Location put: Invalid token.")
raise endpoints.UnauthorizedException("Invalid token.")
if self.key.id() is None:
self.can_get.append(current_user)
self.can_put.append(current_user)
self.can_delete.append(current_user)
else:
location = self.key.get()
if not current_user in location.can_put:
logging.debug("Location put: Permission denied.")
raise endpoints.ForbiddenException("Permission denied.")
@classmethod
def _pre_get_hook(cls, key):
current_user = endpoints.get_current_user()
if not current_user:
logging.debug("Location get: Invalid token.")
raise endpoints.UnauthorizedException("Invalid token.")
location = key.get()
if not current_user in location.can_get:
logging.debug("Location get: Permission denied.")
raise endpoints.ForbiddenException("Permission denied.")
@classmethod
def _pre_delete_hook(cls, key):
current_user = endpoints.get_current_user()
if not current_user:
logging.debug("Location delete: Invalid token.")
raise endpoints.UnauthorizedException("Invalid token.")
location = key.get()
if not current_user in location.can_delete:
logging.debug("Location delete: Permission denied.")
raise endpoints.ForbiddenException("Permission denied.")
但是当我通过API资源管理器运行GET操作时,我会得到以下结果:
RuntimeError: maximum recursion depth exceeded while calling a Python object
答案 0 :(得分:1)
您在key.get()
内调用_pre_get_hook
,这意味着它将以递归方式调用。您正在检查用户是否在can_put
列表中,在 get 检查内表明您的逻辑是错误的,但是必须检查can_get
列表获取实体后,或许在_post_get_hook
。