Django-guardian: How can I optimize my query when using `assign_perm`?

Created on 20 Aug 2020 · 2Comments · Source: django-guardian/django-guardian

I'm currently working on a project where one room has its own group permissions.

When someone creates a new room, the system will do the following:

Creating a room
Create owner and staff groups with unique names, such as Room Owner#room#{pk}
Get list of owner and staff permissions from Room class
Make an assignment to each group
Assign owner group permissions to the user

Here is my Room model :

class Room(models.Model):
    # ...fields

    PERMISSION_GROUPS = [
        'owner': [
            ('view_room', _('...')),
            ('change_room', _('...')),
            ('delete_room', _('...')),

            ('open_room', _('...')),
            ('close_room', _('...'))
        ],
        'staff': [
            ('view_room', _('...')),
            ('open_room', _('...')),
            ('close_room', _('...'))    
        ]
    ]

This is my code for create room and generate group permissions:

from guardian.shortcuts import assign_perm

class CreateRoomView(generics.CreateAPIView):
    def _get_permission_string(self, perm):
        """
        Get string permission, the return is like 'room.add_room'
        """
        return f'room.{perm.codename}'

    def post(self):
        # Create a room
        body = {}
        room = Room.objects.create(**body)

        # Get content type
        ctype = ContentType.objects.get_for_model(Room)

        # Define name of owner and staff group for this room permission
        owner_group_name = _('Room Owner#room#{pk}')
        staff_group_name = _('Room Staff#room#{pk}')

        # Create group
        owner_group = Group.objects.create(
            name=owner_group_name.format(pk=room.pk))
        staff_group = Group.objects.create(
            name=staff_group_name.format(pk=room.pk))

        # Get permissions by group permissions
        owner_perms = Permission.objects.filter(
            codename__in=Room.PERMISSION_GROUPS.get('owner'), content_type=ctype)
        staff_perms = Permission.objects.filter(
            codename__in=Room.PERMISSION_GROUPS.get('staff'), content_type=ctype)

        # Assign owner permissions to the group
        for owner_perm in owner_perms:
            perm = self._get_permission_string(owner_perm)
            assign_perm(perm, owner_group, obj=room)

        # Assign staff permissions to the group
        for staff_perm in staff_perms:
            perm = self._get_permission_string(staff_perm)
            assign_perm(perm, staff_group, obj=room)

        # Assign owner group permission to the user
        request.user.groups.add(owner_group)

When I look at the query logs, there are a lot of queries being performed in this process.

Actually there are still a few groups and the assignment process as above, but I only included a few examples, so there are not too many.If calculated, there may be more than 50 query executions that run in this process.

So, how can I optimize the query for this problem? Can anyone share how to do it better.

Thank you,

Source

Aguezz

Most helpful comment

Use direct foreign keys, see https://django-guardian.readthedocs.io/en/stable/userguide/performance.html#direct-foreign-keys
You can pass instances of Permission to assign_perm. perm = self._get_permission_string(owner_perm) leads to an additional query per permission.
If this isn't enough you can assign the permissions in bulk, see code below. But be aware that I didn't test this code. It might need adjustments, it might not work at all.

Before:

# Assign owner permissions to the group
for owner_perm in owner_perms:
    perm = self._get_permission_string(owner_perm)
    assign_perm(perm, owner_group, obj=room)

# Assign staff permissions to the group
for staff_perm in staff_perms:
    perm = self._get_permission_string(staff_perm)
    assign_perm(perm, staff_group, obj=room)

After:

# RoomGroupObjectPermission is the model from suggestion 1, use direct foreign keys
room_group_object_permissions = [
    RoomGroupObjectPermission(
        permission=owner_perm, group=owner_group, content_object=room,
    )
    for owner_perm in owner_perms
] + [
    RoomGroupObjectPermission(
        permission=staff_perm, group=staff_group, content_object=room,
    )
    for staff_perm in staff_perms
]

RoomGroupObjectPermission.objects.bulk_create(room_group_object_permissions)

michael-k on 20 Aug 2020

❤1 🎉1 👍1

All 2 comments

Use direct foreign keys, see https://django-guardian.readthedocs.io/en/stable/userguide/performance.html#direct-foreign-keys
You can pass instances of Permission to assign_perm. perm = self._get_permission_string(owner_perm) leads to an additional query per permission.
If this isn't enough you can assign the permissions in bulk, see code below. But be aware that I didn't test this code. It might need adjustments, it might not work at all.

Before:

# Assign owner permissions to the group
for owner_perm in owner_perms:
    perm = self._get_permission_string(owner_perm)
    assign_perm(perm, owner_group, obj=room)

# Assign staff permissions to the group
for staff_perm in staff_perms:
    perm = self._get_permission_string(staff_perm)
    assign_perm(perm, staff_group, obj=room)

After:

# RoomGroupObjectPermission is the model from suggestion 1, use direct foreign keys
room_group_object_permissions = [
    RoomGroupObjectPermission(
        permission=owner_perm, group=owner_group, content_object=room,
    )
    for owner_perm in owner_perms
] + [
    RoomGroupObjectPermission(
        permission=staff_perm, group=staff_group, content_object=room,
    )
    for staff_perm in staff_perms
]

RoomGroupObjectPermission.objects.bulk_create(room_group_object_permissions)

michael-k on 20 Aug 2020

❤1 🎉1 👍1

Omg. I missed this one. I decided to use the first one. Thank you,

Aguezz on 21 Aug 2020

Was this page helpful?

0 / 5 - 0 ratings