I am developing a Django app being a Web frontend to some Oracle database with another local DB keeping app's data such as Guardian permissions. The problem is that it can be modified from different places that I don't have control of.
Let's say we have 3 models: User, Thesis and UserThesis.
UserThesis - a table specifying relationship between Thesis and User (User being co-author of Thesis)
Scenario:
User is removed as an author of Thesis by removing entry in UserThesis table by some other app.
User tries to modify Thesis using our Django app. And he succeeds, because Guardian and Django do not know about change in UserThesis.
I thought about some solutions:
Having some cron job look for changes in UserThesis by checking the modification date of entry. Easy to check for additions, removals would require looking on all relationships again.
Modifying Oracle DB schema to add Guardian DB tables and creating triggers on UserThesis table. I wouldn't like to do this, because of Oracle DB being shared among number of different apps.
Manually checking for relationship in views and templates (heavier load on Oracle).
Which one is the best? Any other ideas?
I decided to go with manually checking the permissions, caching it whenever I can. I ended up with get_perms_from_cache(self, user) model method which helps me a lot.