Hi Nick. Can you tell me how this is different than the stuff Chris Long worked on in his branch? It seems very similar.
Regards,
Ian.

On 20/10/2006, at 6:24 AM, [EMAIL PROTECTED] wrote:

> Note: I have tried to post this two other times, but the thread wasn't
> added to the group. I apologize if this shows up multiple times on the
> list. I just want to make sure that it's being sent out.
> ----------------------------------------------------------------------
>
> All,
> I'm trying to add some security features in my application that would
> provide the following functionality:
>
> 1) Isolate each instance of an object from other users. For example, if
>    users A, B, & C create schedules, they should only be able to act on
>    their own schedules by default.
> 2) Grant specific rights on objects, "schedules", that the user owns.
>    Here are some scenarios:
>    - Let's say that user A would like to give user B the ability to view
>      their schedule, but nothing else.
>    - User A would like to give user C the ability to view and edit their
>      schedule.
>    - User B would like to give everyone the ability to view their
>      schedules (make it public).
> 3) The ability to create and use new permissions.
>
> As you can see, I'm just trying to give each user the ability to
> control what is done with their objects. I have been playing around
> with different methods of achieving this with Django, but haven't been
> able to resolve the issue yet. Here is a prototype (see model below)
> where I create a custom group with members and permissions. This would
> allow the user to create a group that they own named "Schedule
> Viewers" and add users to the group members list, then give them the
> view permission. This also gives the user the ability to easily
> associate a group for each schedule object. The idea is to filter
> queries by owners, and group members with their permissions. I
> initially tried using the built-in group and group permissions tables,
> but couldn't determine how to isolate the groups and permissions from
> other users.
>
> This all leads me to a number of questions:
> - Is this prototype way off base (see model below), if not how could I
>   improve or fix this design?
> - Is there a way to solve this problem with the built-in authentication
>   tools?
> - If there isn't, do you know of another method of solving this
>   problem?
>
> I'm working on a fairly tight deadline, so I may not have time to roll
> my own, especially with my current intermediate Django skill level. I
> have looked at the RLP branch, but do not want to build against
> something that isn't in the development trunk or a well maintained
> plugin.
>
> Here is the current iteration of the prototype model:
> ===============================================================
> from django.db import models
> from django.contrib.auth.models import User
>
> # Create your models here.
>
> class AccountGroup(models.Model):
>     owner = models.ForeignKey(User, related_name='owners')
>     name = models.CharField(maxlength=50)
>     grant_view = models.BooleanField(default=False, blank=True,
>                                      null=True, help_text="Optional")
>     grant_edit = models.BooleanField(default=False, blank=True,
>                                      null=True, help_text="Optional")
>     grant_delete = models.BooleanField(default=False, blank=True,
>                                        null=True, help_text="Optional")
>     grant_create = models.BooleanField(default=False, blank=True,
>                                        null=True, help_text="Optional")
>     grant_all = models.BooleanField(default=False, blank=True,
>                                     null=True, help_text="Optional")
>     members = models.ManyToManyField(User, related_name='members')
>
>     def __str__(self):
>         return "%s, %s" % (self.name, self.members.all())
>
>     class Admin:
>         # Currently only returns the object references for members.
>         list_display = ('name', 'members',)
>
> class Schedule(models.Model):
>     owner = models.ForeignKey(User)
>     acct_grp = models.ForeignKey(AccountGroup, blank=True, null=True,
>                                  help_text="Optional")
>     public = models.BooleanField(default=False, null=True,
>                                  help_text="Optional")
>     start_date = models.DateField(blank=True, null=True,
>                                   help_text="Optional")
>     start_time = models.TimeField(blank=True, null=True,
>                                   help_text="Optional")
>     end_date = models.DateField(blank=True, null=True,
>                                 help_text="Optional")
>     end_time = models.TimeField(blank=True, null=True,
>                                 help_text="Optional")
>
>     def __str__(self):
>         return "%s, %s, %s, %s " % (self.start_date, self.start_time,
>                                     self.end_date, self.end_time)
>
>     class Admin:
>         list_display = ('start_date', 'start_time', 'end_date',
>                         'end_time',)
>
>     class Meta:
>         # Add some additional permissions to test/play with this
>         # functionality.
>         permissions = (
>             ("can_view", "Can View"),
>             ("can_edit", "Can Edit"),
>             ("can_confirm", "Can Confirm"),
>         )
>
> ===============================================================
> Your advice is much appreciated!
>
> Regards,
> Nick Pavlica

--
Ian Holsman
[EMAIL PROTECTED]
http://VC-chat.com It's what the VC's talk about

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/django-users
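
The access rule the quoted prototype describes (owner, group members with grant flags, public flag), written out as a default-deny check in plain Python. This is an added example, not code from either post or from Django; the field names mirror the prototype, while `allowed`, `visible_to`, the sample data, the reading of `grant_all` as "every action" and the rule that a group must be owned by the schedule's owner are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class AccountGroup:
    owner: str
    name: str
    members: set = field(default_factory=set)
    grant_view: bool = False
    grant_edit: bool = False
    grant_delete: bool = False
    grant_all: bool = False

@dataclass
class Schedule:
    owner: str
    acct_grp: Optional[AccountGroup] = None
    public: bool = False

def allowed(user, action, sched):
    """Default-deny check for action in {'view', 'edit', 'delete'}."""
    if action not in ("view", "edit", "delete"):
        return False
    if user == sched.owner:
        return True                      # owners act on their own objects
    if action == "view" and sched.public:
        return True                      # public only ever grants view
    grp = sched.acct_grp
    # Assumption: a group only counts if the schedule's owner also owns it,
    # so one user's group can never confer rights on another user's schedule.
    if grp is None or grp.owner != sched.owner or user not in grp.members:
        return False
    return grp.grant_all or getattr(grp, "grant_" + action)

def visible_to(user, schedules):
    """List-view equivalent of the check: only rows the user may view."""
    return [s for s in schedules if allowed(user, "view", s)]

# Constructed sample data following the three scenarios in the post.
viewers = AccountGroup("A", "Schedule Viewers", {"B"}, grant_view=True)
editors = AccountGroup("A", "Schedule Editors", {"C"}, grant_view=True, grant_edit=True)
foreign = AccountGroup("C", "C's group", {"C"}, grant_all=True)
SCHEDULES = [
    Schedule("A", viewers),          # B may view only
    Schedule("A", editors),          # C may view and edit
    Schedule("B", public=True),      # everyone may view
    Schedule("A", foreign),          # group not owned by A: confers nothing
]
```

In a Django view the same rule would be applied twice: as a queryset filter for list pages and as a per-object check before any edit or delete.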