On Oct 14, 12:54 am, Malcolm Tredinnick <[EMAIL PROTECTED]>
wrote:
> On Mon, 2008-10-13 at 19:39 -0700, tvaughan wrote:
> > let's say i'm building an on-line sudoku game. i want two types of
> > users. the first are those users that would play the game. and the
> > second are those that are built-in django users who would use the
> > django admin interface to manage the data model (create games).
>
> > is the typical pattern to use the built-in django user model for the
> > first type of user described above? i'm a little wary of mixing the
> > two where the only thing that separates them is the is_superuser
> > field. i would expect two completely separate user tables with
> > separate permissions.
>
> I think you're worrying about the sky falling a bit too much here. What
> does "completely separate permissions" really mean? Probably no more
> than one of the classes of users has an extra bit of permission that
> allows them to use the admin interface (the extra permission is what
> makes it a different class of users). If you split them into separate
> tables, you're going to have tons of duplicated logic (introducing extra
> bugs). You'll also either need to copy every user from the standard
> table to your extra table, or make every user who uses django admin have
> to create another (unprivileged) account just to play a game. Letting
> your admins also use the site would usually be considered a good thing.
>
> Django's user system is designed to handle privileged and unprivileged
> users. What problem are you actually worried about?
>

I don't have one just yet. Although I'm more concerned about careless
mistakes in software versus a malicious attack. It just strikes me as
dangerous that the only thing that prevents a user who uses a site
(e.g. plays a game of sudoku) from administering the site internals is
just the flipping of a bit in a table.

I'm definitely ok with admins having to create another account to use
the site. The two pools of users seem to me to be totally unique, and
shouldn't overlap in any way.

Thanks.

-Tom

