
Will Django be a good choice for a permissions based web-app?

I've been exploring the details of Django for about a week now and like what I see. However, I've come upon some... negativity in relation to fine-grained control of permissions to the CRUD interface.

What I'm writing is an Intranet client management web-app. The organisation is about 6 tiers, and I need to restrict access to client groups based on tiers. Continually expanding. I have a fairly good idea how I'm going to do this, but am not sure if I'll be able to integrate it well into the pre-built admin interface.

I've done absolutely zero Django development otherwise I'd probably have a better idea on whether this would work or not. I probably won't use Django if the generated admin interface is going to be useless to this project - but like I said, there is a heavy reliance on fine-grained custom permissions.

Will Django let me build custom permissions/rules and integrate it seamlessly into the admin CRUD interface?

Update One: I want to use the admin app to minimise the repetition of generating CRUD interfaces, so yes I consider it a must have.

Update Two:

I want to describe the permissions required for this project.

A client can belong to one or many 'stores'. Full time employees should only be able to edit clients at their store (even if they belong to another store). However, they should not be able to see/edit clients at another store. Casuals should only be able to view clients based on what store they are rostered to (or if the casual is logged in as the store user - more likely).

Management above them need to be able to see all employees for the stores they manage, nothing more.

Senior management should be able to edit ALL employees and grant permissions below themselves.

After reading the Django documentation, it says you can't (automatically) set permissions for a sub-set of a group. Only the entire group. Is it easy enough to mock up your own permissions for this purpose?

Josh Smeaton asked Oct 23 '08 23:10


1 Answer

If I read your updated requirements correctly, I don't think Django's existing auth system will be sufficient. It sounds like you need a full-on ACL system.

This subject has come up a number of times. Try googling on django+acl.

Random samplings ...

There was a Summer of Code project a couple of years ago, but I'm not sure where they got to. See http://code.djangoproject.com/wiki/GenericAuthorization

There is a fresh ticket at djangoproject.org that might be interesting:

  • http://code.djangoproject.com/ticket/9444

There are some interesting code snips on dumpz.org:

  • http://dumpz.org/274/ models.py
  • http://dumpz.org/273/ signals.py

... but there are zero docs.

Good luck!

Peter Rowell answered Sep 30 '22 13:09
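
The store-scoped rules from "Update Two", written as a default-deny object-level check; this is an added example, not code from the question or the answer. The tier names, the `allowed`, `can_grant` and `visible` helpers and the sample data are assumptions, and because the question gives tiers above full-time no client rights, they get none here.

```python
from dataclasses import dataclass
from enum import IntEnum

class Tier(IntEnum):               # hypothetical tier names, ordered low to high
    CASUAL = 1
    FULL_TIME = 2
    MANAGER = 3
    SENIOR = 4

@dataclass(frozen=True)
class Employee:
    name: str
    tier: Tier
    stores: frozenset              # stores worked at, rostered to, or managed

@dataclass(frozen=True)
class Client:
    name: str
    stores: frozenset              # a client can belong to one or many stores

def allowed(actor, action, target):
    """Default-deny object-level check; action is 'view' or 'edit'."""
    if action not in ("view", "edit"):
        return False
    shared = bool(actor.stores & target.stores)
    if isinstance(target, Client):
        # Assumption: tiers above full-time get no client access (not specified).
        if not shared or actor.tier > Tier.FULL_TIME:
            return False           # clients held only by other stores stay invisible
        return action == "view" or actor.tier == Tier.FULL_TIME
    if isinstance(target, Employee):
        if actor.tier >= Tier.SENIOR:
            return True            # senior management: all employees
        if actor.tier == Tier.MANAGER:
            return action == "view" and shared   # only stores they manage
    return False

def can_grant(actor, tier):
    """Senior management may grant only tiers below their own."""
    return actor.tier >= Tier.SENIOR and tier < actor.tier

def visible(actor, objects):
    """Row filter: the role a queryset filter plays in an admin list view."""
    return [o for o in objects if allowed(actor, "view", o)]

if __name__ == "__main__":         # constructed sample data
    casual = Employee("casual", Tier.CASUAL, frozenset({"store-a"}))
    clients = [Client("c1", frozenset({"store-a", "store-b"})),
               Client("c2", frozenset({"store-b"}))]
    print([c.name for c in visible(casual, clients)])
```

In a Django project the same decision would be called from `ModelAdmin.has_change_permission(request, obj)` for single objects and applied as a filter in `ModelAdmin.get_queryset(request)` for list views.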
