How to keep an app engine entity imported as a module to a user.py and an admin.py file consistent
Essentially I am creating a webapp for a customer with a business that would allow customers of his business to be able to purchase specific things which I set up as entities. However, my customer wants to be able to have a specific page where he can post/upload images of his items, and based on:
-it seems I can't do an administrator login, so is there a way using the user model object to specify a specific page for a particular user login via a Google account? So essentially I was thinking that I would create 2 different Python and HTML pages, one for the customers and one for the administrator/business owner. Depending on a specific login I would route accordingly. I am a relative newbie to Google App Engine, and have a short amount of experience with Python. The business owner created the app engine specific domain name and I was invited as a developer, so I am assuming he is considered the admin so I think I can use: https://developers.google.com/appengine/docs/python/users/adminusers
The thing I am uncertain about is whether images, strings, blobs, etc. associated with a particular entity when written will be displayed to two different files: user.py and admin.py. So I want the business owner to be able to post an item and the user to be able to see that same item.
What you're describing is basically an ACL (Access Control List), which is a mechanism for associating a user (a person or process) with a set of permissions (view, create, update, delete, etc.)
Within your application, you can create a new ACL model that stores a relationship between a User object and a set of permissions. Within each of your pages, check that the current user has the appropriate permission to perform the specified action on that page (e.g. an instance of the ACL model that pairs the current user with the permission you are checking).
You can abstract this further with a concept of "roles", which are a collection of permissions. For instance, you can create an "admin" role, with the permission to view the admin pages, and create or delete entities. The "customer" role may only have the ability to view entities.
Here's some example code that demonstrates how your app might use this:

    from google.appengine.ext import db

    class ACL(db.Model):
        user = db.UserProperty()
        # there are lots of other ways to store the permissions as well
        permissions = db.ListProperty(str)

After you've added an admin user, you'll have a row in the datastore that looks something like this:

    User                              Permissions
    firstname.lastname@example.org    ['ADMIN_VIEWER', 'ADMIN_EDITOR']

Within your code on your admin page you can do:
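
    from google.appengine.api import users
    from google.appengine.ext import db

    user = users.get_current_user()
    acl = db.GqlQuery("SELECT * FROM ACL WHERE user = :1", user).get()
    # .get() returns None when the user has no ACL row, so test for that first
    if acl is not None and 'ADMIN_VIEWER' in acl.permissions:
        pass  # continue
    else:
        pass  # unauthorized
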
You can put the current user's ACL in memcache if you anticipate doing many lookups.
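
The per-page check, roles and cache described in this answer, combined into one deny-by-default decorator. This is an added example, not part of the original answer: `ROLES`, `ACL_ROWS` and `_cache` are constructed in-memory stand-ins for the role definitions, the ACL datastore kind and memcache, and the handler names are hypothetical.

```python
import functools

# Roles are named bundles of permissions, as described in the answer above.
ROLES = {
    "admin": {"ADMIN_VIEWER", "ADMIN_EDITOR", "ITEM_VIEWER"},
    "customer": {"ITEM_VIEWER"},
}
# Constructed stand-in for the ACL kind in the datastore: email -> role names.
ACL_ROWS = {"owner@example.org": ["admin"], "shopper@example.org": ["customer"]}
_cache = {}  # stand-in for memcache: email -> frozenset of permissions

def permissions_for(email):
    """Return the permission set for a user; empty for unknown or anonymous."""
    if email is None:
        return frozenset()
    if email not in _cache:
        perms = set()
        for role in ACL_ROWS.get(email, []):
            perms |= ROLES.get(role, set())
        _cache[email] = frozenset(perms)
    return _cache[email]

def set_roles(email, roles):
    """Change a user's roles and drop the cached entry so revocation is immediate."""
    ACL_ROWS[email] = list(roles)
    _cache.pop(email, None)

def require(permission):
    """Decorator for page handlers: deny unless the user holds `permission`."""
    def wrap(handler):
        @functools.wraps(handler)
        def checked(email, *args, **kwargs):
            if permission not in permissions_for(email):
                return 403, "Forbidden"
            return handler(email, *args, **kwargs)
        return checked
    return wrap

@require("ADMIN_EDITOR")
def upload_item(email, name):
    return 200, "uploaded %s" % name

@require("ITEM_VIEWER")
def view_items(email):
    return 200, "item list"
```

Because both pages read the same entities, only the permission check differs between the admin and customer handlers. Clearing the cached entry whenever an ACL row changes keeps a revoked permission from lingering in the cache.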