Have you tried of django-guardian ? What do you think about it ? TBH I never actually used it (I've been doing Django for 9 years and have never used a permission table), but I think it does what you want.
>From my experience, permissions are thought of something that can be calculated on the fly, and that's always been the shortest path. The only thing is, that you *should* then setup your base queryset per-model per-user OOAO, and then setup permissions per view. Also, I don't understand how to make DRY code with the permission system: check a permission to display or not a link in the template, and also duplicate this check in the view's dispatch or something. Nowadays, I prefer to set View.allow to a function I re-use, and call it in dispatch exactly like jinja templates and have a queryset generator that takes a user argument that all views in a given url router will use by default: List, Delete, Update, and so on, rather than maintaining boilerplate code to maintain a database table when something else changes in the database. While I can understand how you could need django-guardian in some projects, I can understand why you want security as a feature in any project ;) Keep up the great research ! <3 -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAC6Op19xnSfM7KbJryJE5kYnY5BeSZ4tx8G5f3CvXEo0EU335Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.