Yeah, way more than you can think. In this case I’m talking about the e-cidadania permission system. We all know that django provides some basic permission system at model level, but in the case of e-cidadania it wasn’t enough. We needed very detailed object level permissions.
First of all let me tell you that the e-cidadania project is run by only one person: me. At the time of designing the base of the project the object permission systems available were really outdated or didn’t even work, so I had to make a workaround that at the moment seemed a good idea, even after trying some example cases, it was based on three fields in what I call the “father” model, a model that doesn’t control everything but is the base of all the rest of the modules (if you want to take a look, it’s the Space module).
As I was developing everything went fine, then the class-based views came out and I couldn’t make the proper validations, so I had to make another workaround in the get_object method. It turned out to be “consistent” but I didn’t had enough time to test it, and I continued developing the platform, in some cases with the help of some people that joined temporarily the project (GSoC 2012, pre-GSoC 2013) and everything seemed fine, until a week ago.
Let me tell you, e-cidadania has almost 60Ksloc (stats here) and currently has 12 modules, there are still a couple of modules to develop. I was so centered in development that totally forgot to test all the user roles in the platform (it would take me 4 times the time it was taking) and I convinced my workmates (which are not related to IT, that’s a different story) to make some basic usage testing. What we discovered was that most of the permissions failed, and the validations didn’t work as expected, allowing in one of the use cases an anonymous user to enter in private spaces and even interact in them!
And I had t redesign the permission system. From scratch. Luckily django-guardian is up-to-date now and we’re using it, but I didn’t know all the work we had to do until I finished planning the new design. Not only we had to redo all the views of the platform, we also had to modify all the permissions in the models, all the checks in the templates, everything from ground up! And that will take quite a while, and we planned to release e-cidadania 0.1.9 on April, and there’s a lot of work to do yet, and a lot to polish, and only a pair of hands is working on it.
So be careful with sofware design, it can cost you more than you think.