#!/usr/bin/env python # encoding: utf-8 # # Copyright (c) 2010 Doug Hellmann. All rights reserved. # """Control access to columns using an authorizer function. """ #end_pymotw_header import sqlite3 db_filename = 'todo.db' def authorizer_func(action_code, table, column, sql_location, ignore): print '\nauthorizer_func(%s, %s, %s, %s, %s)' % \ (action_code, table, column, sql_location, ignore) response = sqlite3.SQLITE_OK # be permissive by default if action_code == sqlite3.SQLITE_SELECT: print 'requesting permission to run a select statement' response = sqlite3.SQLITE_OK elif action_code == sqlite3.SQLITE_READ: print 'requesting permission to access the column %s.%s from %s' % \ (table, column, sql_location) if column == 'details': print ' ignoring details column' response = sqlite3.SQLITE_IGNORE elif column == 'priority': print ' preventing access to priority column' response = sqlite3.SQLITE_DENY return response with sqlite3.connect(db_filename) as conn: conn.row_factory = sqlite3.Row conn.set_authorizer(authorizer_func) print 'Using SQLITE_IGNORE to mask a column value:' cursor = conn.cursor() cursor.execute("select id, details from task where project = 'pymotw'") for row in cursor.fetchall(): print row['id'], row['details'] print '\nUsing SQLITE_DENY to deny access to a column:' cursor.execute("select id, priority from task where project = 'pymotw'") for row in cursor.fetchall(): print row['id'], row['details']