Let's say I have 2 models:

    from django.contrib.auth.models import AbstractUser
    from django.db import models

    class Company(models.Model):
        name = models.CharField(...)
        allow_blog_access = models.BooleanField(...)
        allow_shop_access = models.BooleanField(...)
        allow_admin_access = models.BooleanField(...)

    class User(AbstractUser):
        company = models.ForeignKey(Company, ...)
        ...

Here, users can be assigned to a company, and when a user tries to access a particular webpage, the view can check:

- Does this user's company have access to this area (e.g. the blog app)?

This is great. That means access to particular areas (or apps) of the site can be controlled at the company level. When you create a user, you just assign him to a company, and whatever the company is allowed to access, he is as well. It makes updating access a lot easier too, when you can change it in one place (at the company level), instead of doing it for every user.

The problem I'm having is that one or two users that are part of a particular company need access to most of, but not all of, the areas the company has access to. What's the best way to implement this?

The main thing I can think of is to have the User class also have Boolean fields for allow_blog_access, allow_shop_access and allow_admin_access, but add another field called inherit_permissions (also boolean). It would look like this:

    class Company(models.Model):
        name = models.CharField(...)
        allow_blog_access = models.BooleanField(...)
        allow_shop_access = models.BooleanField(...)
        allow_admin_access = models.BooleanField(...)

    class User(AbstractUser):
        company = models.ForeignKey(Company, ...)
        allow_blog_access = models.BooleanField(...)
        allow_shop_access = models.BooleanField(...)
        allow_admin_access = models.BooleanField(...)
        inherit_permissions = models.BooleanField(...)
        ...

If inherit_permissions for a user is set, the view should look at the permissions of the company the user belongs to (request.user.company.allow_blog_access).
If inherit_permissions for a user is not set, the view should look at the permissions of the user (request.user.allow_blog_access).

Is there a better way to do this? Or is that the simplest?
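
The check described in the post, as an added example that is not part of the original message: plain dataclasses stand in for the Django models, and `has_area_access`, `has_area_access_restrict_only`, `AREAS` and the sample users are hypothetical names. The second function is a restrict-only variant (an assumption, not the poster's design) in which per-user flags can narrow the company's access but never exceed it.

```python
from dataclasses import dataclass
from typing import Optional

# Plain dataclasses stand in for the Django models (assumption) so this runs
# without a configured project; field names follow the post.
AREAS = ("blog", "shop", "admin")


@dataclass
class Company:
    name: str
    allow_blog_access: bool = False
    allow_shop_access: bool = False
    allow_admin_access: bool = False


@dataclass
class User:
    username: str
    company: Optional[Company] = None
    allow_blog_access: bool = False
    allow_shop_access: bool = False
    allow_admin_access: bool = False
    inherit_permissions: bool = True


def has_area_access(user: User, area: str) -> bool:
    """Rule from the post: company flag when inheriting, else the user flag."""
    if area not in AREAS or user.company is None:
        return False  # fail closed: unknown area or user with no company
    source = user.company if user.inherit_permissions else user
    return bool(getattr(source, f"allow_{area}_access"))


def has_area_access_restrict_only(user: User, area: str) -> bool:
    """Hypothetical variant: user flags may only narrow the company's access."""
    if area not in AREAS or user.company is None:
        return False
    field = f"allow_{area}_access"
    user_ok = user.inherit_permissions or bool(getattr(user, field))
    return bool(getattr(user.company, field)) and user_ok


# Constructed sample data: the company has blog and shop access, not admin.
acme = Company("acme", allow_blog_access=True, allow_shop_access=True)
alice = User("alice", company=acme)  # inherits the company's flags
bob = User("bob", company=acme, inherit_permissions=False,
           allow_blog_access=True, allow_admin_access=True)
```

With the rule as posted, a non-inheriting user whose own flag is set gets into an area the company is not allowed in; the restrict-only variant denies that case.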