I also have experience with the limitations of the default permission system. But I don't think it is necessarily a problem. There are two options to deal with it:
- Django could add small bits of flexibility, e.g. make the group model swappable. This adds complexity that needs to be accounted for in all relevant libraries, e.g. django-guardian. - Django could make it easier to write custom authentication backends. This gives complete control to application developers, at the cost of no longer being compatible with many libraries, e.g. django-guardian. I personally lean to the second options as I believe it allows to have cleaner application designs. But it think it is hard to get the right balance. tobias On 05/11/2019 12:03, Tom Clark wrote: > I'd be very interested in this. But it seems like one helluva lot of work, > to enable people to customise their Group model. > > I think in general, there are two reasons why one want to use a swappable > model in this case: > > - To create nested relationships with e.g. mptt. > - To add a field or two onto the model. > > Couldn't these two use cases be better solved by simply updating the > existing Group model: > - Add a `meta` JSONField (now generically included in Django, not just > postgres anymore) so people can hang extra metadata in there if required > - Add mptt right in there so that groups can be added to other groups? > > We could carve code out from django-groups-manager to achive this > straightforwardly, but it introduces mptt as a dependency of a contrib app. > > What do you think, @John? Is this likely to be accepted into Django? > > > > > On Wednesday, April 3, 2019 at 12:31:59 PM UTC+1, John D'Ambrosio wrote: >> >> I believe this change is merited and I would be happy to help if others >> are interested in working this. I have actually monkey-patched it a few >> times now for two reasons: >> >> a) I want more data fields on the group itself, or >> b) I want to implement nested groups >> >> MPTT's docs suggest one approach which is gross (no offense) because it >> creates migrations in a contrib app! >> >> >> https://django-mptt.readthedocs.io/en/latest/models.html?highlight=group#registration-of-existing-models >> >> The nested group concept has the added concern of the PermissionsMixin >> leveraging a few helper functions which are defined outside of the class >> and not easily swappable themselves. Maybe if we proceed on this we tackle >> it in two phases. In the first, we can align all of the pieces to make it >> more easily swappable. In the second, we can introduce the swap. We >> definitely will want to avoid some of the pitfalls of AbstractUser and >> UserManager where one is unable to import varying degrees of scaffolding >> without invoking the concrete pieces we are not using. >> >> I agree with Tim that the swappable model approach is less than ideal and >> not well-documented for transitions, but maybe those of us who've done it >> can submit some detailed guides with some concrete steps of how to swap out >> the table namespaces and retire the old models retroactively, as well as >> the usual (maybe even stronger) encouragement to pull in the models to your >> core app up-front? Could even have startproject do it for you in the >> future... maybe recommend an "accounts" app or something? >> >> Anyway, happy to help. Please let me know if there is interest in >> proceeding. >> >> On Friday, August 31, 2018 at 4:28:30 PM UTC-4, 程SN wrote: >>> >>> Hi everybody, >>> >>> the information is not enough for my company in >>> django.contrib.auth.models.Usre and django.contrib.auth.models.Group. So I >>> custom User and Team model. >>> >>> the auth User can be changed in the django settings by AUTH_USER_MODEL. >>> But the Group cannot. >>> >>> Further, There are many group permissions problem presented when I use >>> django permissions. >>> >>> Firstly, I cannot use django.contrib.auth.ModelBackend directly. >>> >>> in django.contrib.auth.ModelBackend, Django currently bind group >>> permissions with django.contrib.auth.models.Group >>> >>> def _get_group_permissions(self, user_obj): >>> user_groups_field = get_user_model()._meta.get_field('groups') >>> user_groups_query = 'group >>> __%s' % user_groups_field.related_query_name() >>> return Permission.objects.filter(**{user_groups_query: user_obj}) >>> >>> Why the group cannot be changed in the settings like AUTH_USER_MODEL ? >>> Can Djano support AUTH_GROUP_MODEL in the further release? >>> >>> So I have to custom backend that extend django.contrib.auth.ModelBackend >>> and modify group to my team. >>> >>> But I find the other problem in my further developing. The bad design >>> limit the other app design. >>> >>> Many app about django permission , only support group permission based >>> on django.contrib.auth.models.Group, like django-guardian >>> >>> It's too bad. Please support AUTH_GROUP_MODEL >>> >>> ------------------------------ >>> Regards, >>> >>> damoncheng >>> >> > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/2239a68f-bed6-d8f8-df4a-9100febbb886%40posteo.de.
