Musings on mental algorithms

Musings on mental algorithms

Recently, I needed to add user roles to my Flask web app. I had already implemented some user management in the app and wondered what would be the best way to add roles and permissions.

I could, of course, develop it from scratch. My first thoughts were a brainstorm: which additional tables I’d need, which relationships, which functions, and where I’d need to check for permissions. Being lazy, as any programmer should be, I tried to minimize the amount of work I’d need to do by deciding on the bare minimum of features necessary for my app. Do I need roles, or can I just give users permission to access certain features? Would that make a difference?

Am I inventing the wheel again?

After this attempt to answer the question of how I would implement it from scratch, I remembered that a programmer is never alone with an Internet connection. This is a common enough feature and I’m using Python. Surely, someone has already developed a library that does exactly what I need to accomplish. Even if there isn’t a package I can just include in my code, there must be an article somewhere on best practices.

Just because I can do something by myself, doesn’t mean it’s a good use of my time to do so. People who had worked on this feature for years will have encountered (and solved) issues that I can’t even imagine as a lone programmer embarking on solving this problem. It’s always better to learn from the misfortunes of others.

So many choices! Which one is the best?

A first cursory search brought me the package Flask-User which seemed to have exactly what I needed. An easy way to set up user roles. For the fun of it, I also asked ChatGPT what it recommends, and it recommended Flask-Login (which I was already using) for authentication and session management and Flask-Principal to handle user roles. Alternatively, it recommended Flask-Security which has it all and more in a single package. When asked about Flask-User, ChatGPT gave me a generic description but wasn’t as enthusiastic about it, however much an AI chatbot can show enthusiasm about a topic anyway.

Reading through documentation and discussions around the web, I developed a feeling that Flask-User is probably not the solution I’m looking for. Flask-Principal seemed somewhat incomplete, but Flask-Security felt like the best bet. I didn’t take notes like I might have when working with a group where I’d have to back up my decision with concrete reasons, but when working alone, I tend to allow my brain to work in the background and inform me with intuition.

Then I found somewhere on Reddit an old thread that said Flask-Security may not be very current since the last update was more than a year ago. I checked its repository on GitHub, and sure enough, the project hadn’t been touched for years. However, the readme had a link to Flask-Security-Too which is a branched-off version and has been updated a few days ago. Lovely!

This one looks good. How do I use it?

I learn the best from practical examples. When it comes to learning about the features of a library, a good description will suffice. However, when I find myself ready to use a new library, I prefer to have working examples which do something like what I need to do, so I can copy and modify them. Flask-Security has plenty of documentation, but examples of its usage were scarce. Sometimes it’s nice to have someone take you by the hand and show you the basics, like in a YouTube video, but the tutorials I found were way too simple for what I needed.

The best examples I found were on GitHub where I searched for files that imported the classes I wanted to use. They were sufficient to get me started. Once I had some code to run, it was easier to search for solutions to specific bugs or configuration issues I experienced.

Final thoughts

When I was looking into possible career paths, I decided to pursue computer programming, because it promised to always give me something new to learn. Working on cutting edge of technology means making new stuff, but also using new stuff others made. New tools, new frameworks, new algorithms, new concepts, new ways of doing things. I must say, this promise continues to be fulfilled. Even as things I learned 20 years ago stay relevant and useful, there is always something new to learn.

Maybe our mental algorithms which we use to learn new things require updates from time to time. By writing my learning process down and sharing it with the world, I can more easily see where it could be improved.


Cover photo by UX Indonesia on Unsplash

Related Posts

HTMX with Flask - Bulma modals

HTMX with Flask - Bulma modals

While I used HTMX alert when deleting post comments, I felt like deleting a whole post was a bigger deal and should have a more fancy warning.

Read More
Hyperscript and Flask - Bulma dropdown

Hyperscript and Flask - Bulma dropdown

Since I got a better grasp of what HTMX is all about, I decided to see what hyperscript , a companion of HTMX, can do for my project.

Read More
HTMX with Flask - Delete a comment

HTMX with Flask - Delete a comment

My blog app written in Flask allows users to post comments under each post.

Read More