Hi all,
I've in need of implementing (rather complex) object level permissions.
I've difficulties to determine how to proceed.
Let's assume that I've following models:
class Building(...):
name = models.TextField(max_length=100)
class Apartment(...):
name = models.TextField(max_length=100)
building = models.ForeignKey(Building)
class Door(...):
DOOR_TYPES =
(('CARAGE', 'Carage'),
('ENTRANCE', 'Entrance'),
('PRIVATE', 'Private'))
door_type = models.TextField(max_length=100, choices=DOOR_TYPES)
name = models.TextField(max_length=100)
building = models.ForeignKey(Building)
apartment = models.ForeignKey(Apartment, null=True, blank=True)
class Lock(...):
door = models.ForeignKey(Door)
class Key(...):
KEY_TYPES =
(('ALL_ACCESS', 'All access'),
('PRIVATE', 'Private'),
('PUBLIC', 'Public'))
key_type = models.TextField(max_length=100, choices=KEY_TYPES)
owner = models.ForeignKey(User)
lock = models.ForeignKey(Lock)
Now each user will have access to doors according their key:
Also user may have limited "public" key that allows access to public
places like CARAGE or ENTRANCE door.
Or like postman would have access to Entrance door only but not to
carage nor private doors (apartments).
So far I've figured out following ways to do what I'm looking for:
1) I could implement all rules to authentication backend.
2) Delegate actual permission checking to models.
3) Something else and better.
--
Jani Tiainen
- Well planned is half done and a half done has been sufficient before...
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
