We achieved the second level auth by tying an extended group to a company;
all company members are part of this group, so we can leverage the normal auth mechanisms.

Hope this gives you an idea.

Thanks
Frank

from django.db import models


class CompanyManager(models.Manager):
    filter_by_user_limit_field = None

    def by_user(self, user):
        """
        Extension for filtering organization objects (also related objects) by
        the groups of a user.
        Avoiding that a user can touch other organization objects. Superusers and
        Partner Administrators are able to see all organizations.
        """
        # if the user is not logged in - no data
        if not user.is_authenticated():
            return self.none()
        # TODO: optimization: would be nice to find a way to make by_user chainable like .filter(), ...
        return self.limit_queryset_by_user(
            self.get_query_set(),
            user,
            self.model.filter_by_user_limit_field
        )

    @staticmethod
    def limit_queryset_by_user(qs, user, field_key):
        # is_superuser is a plain boolean on the user, not a queryset
        if user.is_superuser:
            return qs
        if not field_key:
            # the model declares no limit field, so there is nothing to filter on
            return qs
        # an empty id list matches no rows, so a user without groups sees nothing
        group_ids = [g['id'] for g in user.groups.values('id')]
        return qs.filter(**{field_key: group_ids})

And in the model

class Company(ExtendedModel):
    name = models.CharField(max_length=64, unique=True)
    slug = models.SlugField(unique=True)
    is_active = models.BooleanField(null=False, blank=False, default=True)

    filter_by_user_limit_field = "organizationgroup__in"
    objects = CompanyManager()

class CompanyGroup(Group):
    """
    User group of the Organization
    """
    organization = models.OneToOneField(Organization)


On 23.02.2013 17:00, Gabriel - Iulian Dumbrava wrote:
How I would do it would be to have a special column (foreign key) in each table 
(model) called Company (company_id) and change all default managers to filter 
on company_id = logged_in_user.company_id.

In this way you are sure that users only see what belongs to their company.

You would have to pass the company_id to models, probably with a middleware 
which gets it from the logged in user and saves it somewhere.

And you also have to save the default value of company_id to each newly created 
entry in every table, probably from the same source as above.
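
Added example, not part of either message and not Django code: a framework-independent Python sketch of the scheme in the quoted reply (a per-request company id, every read filtered on it, every new row stamped with it), using sqlite3 and contextvars. The names company_scope, InvoiceStore and the invoice table are hypothetical; the store refuses to run any query when no company is bound.

```python
import sqlite3
from contextlib import contextmanager
from contextvars import ContextVar

# Hypothetical per-request holder; a middleware would set it from the logged-in user.
_current_company = ContextVar("current_company", default=None)

class NoTenantError(RuntimeError):
    """Raised when data is touched without a company in scope (fail closed)."""

@contextmanager
def company_scope(company_id):
    """Stand-in for the middleware: bind company_id for the duration of a request."""
    token = _current_company.set(company_id)
    try:
        yield
    finally:
        _current_company.reset(token)

def _require_company():
    company_id = _current_company.get()
    if company_id is None:
        raise NoTenantError("no company bound to this request")
    return company_id

class InvoiceStore:
    """Plays the role of the default manager: every query is company-scoped."""

    def __init__(self, conn):
        self.conn = conn
        conn.execute("CREATE TABLE invoice (id INTEGER PRIMARY KEY, "
                     "company_id INTEGER NOT NULL, label TEXT NOT NULL)")

    def create(self, label):
        # company_id comes from the request scope, never from caller input.
        cur = self.conn.execute(
            "INSERT INTO invoice (company_id, label) VALUES (?, ?)",
            (_require_company(), label))
        return cur.lastrowid

    def all(self):
        rows = self.conn.execute(
            "SELECT label FROM invoice WHERE company_id = ? ORDER BY id",
            (_require_company(),))
        return [r[0] for r in rows]

    def get(self, invoice_id):
        # Lookups by primary key are filtered too, so guessing ids reveals nothing.
        row = self.conn.execute(
            "SELECT label FROM invoice WHERE id = ? AND company_id = ?",
            (invoice_id, _require_company())).fetchone()
        return row[0] if row else None
```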

