FilterBackends & Custom Permissions
In !175 (merged), we introduced the idea of attaching FilterBackends
to custom permissions classes. We did this because we wanted to be able to filter query sets in automatic views whilst allowing for the best performances we could (#299 (closed) )
Extending LDPPermissions
now entails also defining a FilterBackend
in order for the LDPViewSet
to continue to be automatic. This isn't necessarily a problem as DRF doesn't apply permissions classes to views automatically (for performances), but it's not evident to DjangoLDP package developers who are mostly omitting this step
There are three courses of action which I can think of:
- the documentation needs to be improved (there is currently only a guide, separated from the main repository (#279 ))
- a
FilterBackend
provided which can automatically apply permissions (whatever the performance hit... the package developer needs to override if they need better performance?) - a warning or error thrown if the
FilterBackend
is not overridden in a custom permissions class, and not explicitly made blank (explicit is better than implicit)