Am Samstag, 18. März 2017 06:00:14 UTC+1 schrieb Melvyn Sopacua: > > On Thursday 16 March 2017 02:29:21 guettli wrote: > > > > > In our custom code we already skip check1 and do only check2. > > > > Why do you even do these checks? >
Good question. I want to get all users which have a given permission. Here is one implementation of it. https://code.djangoproject.com/ticket/18763 The resulting SQL uses several OUTER JOINS resulting in this issue: https://code.djangoproject.com/ticket/27260 We work-around it by serializing to IDs and then using the IDs in the next .filter() ... not nice but works. Regards, Thomas Güttler > There's a view decorator and class-based view mixin. All you need to do is > make good groups and users and the rest follows. > > > > If you want to define a new permission type, you can do it in the model > meta class. Not one place requires manual permission checks - when you > stick to the model level. > > > > If you need to enforce permissions at the model instance level, then don't > reinvent the wheel. There's a few packages out there, who have already > solved the problem - Django Guardian being one of them. > > -- > > Melvyn Sopacua > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/32bf5e18-4f13-47f7-a1c6-d2162016a36a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.