Note: I have tried to post this two other time, but the thread wasn't added to the group. I apologize if this shows up multiple times on the list. I just want to make sure that it's being sent out. -------------------------------------------------------------------------------------------------------------------------------------------------
All,

I'm trying to add some security features in my application that would provide the following functionality:

1) Isolate each instance of an object from other users. For example, if users A, B, & C create schedules, they should only be able to act on their own schedules by default.

2) Grant specific rights on objects, "schedules", that the user owns. Here are some scenarios:
- Let's say that user A would like to give user B the ability to view their schedule, but nothing else.
- User A would like to give user C the ability to view and edit their schedule.
- User B would like to give everyone the ability to view their schedules (make it public).

3) The ability to create and use new permissions.

As you can see, I'm just trying to give each user the ability to control what is done with their objects. I have been playing around with different methods of achieving this with Django, but haven't been able to resolve the issue yet.

Here is a prototype (see model below) where I create a custom group with members and permissions. This would allow the user to create a group that they own named "Schedule Viewers" and add users to the group members list, then give them the view permission. This also gives the user the ability to easily associate a group for each schedule object. The idea is to filter queries by owners, and group members with their permissions. I initially tried using the built-in group and group permissions tables, but couldn't determine how to isolate the groups and permissions from other users.

This all leads me to a number of questions:
- Is this prototype way off base (see model below)? If not, how could I improve or fix this design?
- Is there a way to solve this problem with the built-in authentication tools?
- If there isn't, do you know of another method of solving this problem? I'm working on a fairly tight deadline, so I may not have time to roll my own, especially with my current intermediate Django skill level.
I have looked at the RLP branch, but do not want to build against something that isn't in the development trunk or a well-maintained plugin.

Here is the current iteration of the prototype model:

===============================================================
from django.db import models
from django.contrib.auth.models import User

# Create your models here.

class AccountGroup(models.Model):
    owner = models.ForeignKey(User, related_name='owners')
    name = models.CharField(maxlength=50)
    grant_view = models.BooleanField(default=False, blank=True, null=True, help_text="Optional")
    grant_edit = models.BooleanField(default=False, blank=True, null=True, help_text="Optional")
    grant_delete = models.BooleanField(default=False, blank=True, null=True, help_text="Optional")
    grant_create = models.BooleanField(default=False, blank=True, null=True, help_text="Optional")
    grant_all = models.BooleanField(default=False, blank=True, null=True, help_text="Optional")
    members = models.ManyToManyField(User, related_name='members')

    def __str__(self):
        return "%s, %s" % (self.name, self.members.all())

    class Admin:
        # Currently only returns the object references for members.
        list_display = ('name', 'members',)


class Schedule(models.Model):
    owner = models.ForeignKey(User)
    acct_grp = models.ForeignKey(AccountGroup, blank=True, null=True, help_text="Optional")
    public = models.BooleanField(default=False, null=True, help_text="Optional")
    start_date = models.DateField(blank=True, null=True, help_text="Optional")
    start_time = models.TimeField(blank=True, null=True, help_text="Optional")
    end_date = models.DateField(blank=True, null=True, help_text="Optional")
    end_time = models.TimeField(blank=True, null=True, help_text="Optional")

    def __str__(self):
        return "%s, %s, %s, %s " % (self.start_date, self.start_time, self.end_date, self.end_time)

    class Admin:
        list_display = ('start_date', 'start_time', 'end_date', 'end_time',)

    class Meta:
        # Add some additional permissions to test/play with this functionality.
        permissions = (
            ("can_view", "Can View"),
            ("can_edit", "Can Edit"),
            ("can_confirm", "Can Confirm"),
        )
=========================================================================

Your advice is much appreciated!

Regards,
Nick Pavlica
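
The access decision the prototype implies (owner first, then the schedule's group and its grant flags, then the public flag), written as plain Python without Django so the three scenarios from the post can be checked. This is an added example, not code from the original post; the names `can`, `visible_to` and the `grants` set (standing in for the `grant_*` booleans), and the use of plain strings for users, are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

ACTIONS = ("view", "edit", "delete", "create")


@dataclass
class AccountGroup:
    """Stand-in for the post's AccountGroup model (no database)."""
    owner: str
    name: str
    members: set = field(default_factory=set)
    grants: set = field(default_factory=set)  # subset of ACTIONS, or {"all"}


@dataclass
class Schedule:
    """Stand-in for the post's Schedule model."""
    owner: str
    acct_grp: Optional[AccountGroup] = None
    public: bool = False


def can(user, action, schedule):
    """Default deny: allow only via ownership, a group grant, or public view."""
    if action not in ACTIONS:
        return False
    if user == schedule.owner:
        return True
    grp = schedule.acct_grp
    # Only honour a group owned by the schedule's owner, so a group created
    # by someone else never confers rights on this schedule.
    if grp and grp.owner == schedule.owner and user in grp.members:
        if "all" in grp.grants or action in grp.grants:
            return True
    return schedule.public and action == "view"


def visible_to(user, schedules):
    """The 'filter queries by owner and group members' step from the post."""
    return [s for s in schedules if can(user, "view", s)]


# Constructed sample data for the three scenarios in the post.
viewers = AccountGroup("A", "Schedule Viewers", {"B"}, {"view"})
editors = AccountGroup("A", "Schedule Editors", {"C"}, {"view", "edit"})
a_for_b = Schedule("A", acct_grp=viewers)
a_for_c = Schedule("A", acct_grp=editors)
b_public = Schedule("B", public=True)
```

With one `acct_grp` per schedule and the grant flags stored on the group, every member of that group gets the same rights on that schedule, which is why the sample data uses two groups on two schedules.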