This is something we've been thinking a lot about recently. The direction we
are considering is something like this:
http://github.com/paltman/django-logicaldelete
This code, "logical delete," overrides the delete() method of models so that
they are simply marked as deleted, and not returned in queryset results.
However, an administrator is still able to view the data.
Our plan is to use this project as a jumping-off point, and create a scheme
(perhaps a Unix-style read/write permission set for user/group/all), and have
our models automatically do the right thing. This way, the views and other code
don't need to check permissions or do any additional filtering. It's my
understanding that record-level permissions is coming in Django 1.2, but we
can't wait that long.
The goal is to have all the code written as though permissions didn't exist,
with the models.Model subclass having special permission functionality behind
the scenes that restricted access automatically.
Is anyone doing this, or something like it? I don't want to duplicate work, and
I'd love to save time if this is a solved problem. Alternately, I'd be happy to
test and contribute to such an effort if someone has something rolling already.
Shawn
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.