Wednesday, November 26, 2014

Re: Is it wrong to disable a lot of the core django features?

Hi John,

I don't know if this would work for you as you indeed have an extra level.
I'll do it this way

Authorities are the permissions from Django, for example you may have custom permissions (authorities in your case): "can_add_employee", "can_edit_employee", "can_view_employee"
Roles would be the groups from Django, for example you might have:
"HR" with "can_add_employee", "can_edit_employee", "can_view_employee"
"Employee" with "can_view_employee"

Then you have companies, a different model, where you assign different Roles. I believe that in order to use the auth system, upon registration and company assignment you would have to also add the user to the custom Roles that the company has available. In this way you have a relation:
CustomUser -> Roles (groups in Django) -> Authorities (perms in Django)
Then of course you can assign CustomUser -> Authorities separately.

Check the custom permissions doc.

I don't know if this is ok for you, but I think it might help.

If you want to drop this functionality you may of course create your own decorators and template tags to help you with a parallel auth system
Gabriel

sâmbătă, 22 noiembrie 2014, 22:11:13 UTC+2, John Rodkey a scris:
Gabriel,

How would you store groups for each company within the default "groups" database?  Our current database design is

Company
CustomUser belongs to Company
Roles belongs to Company (replacing default "Groups" with "Roles")
Roles has many Authorities (replacing default "Permissions" with "Authorities")
*additional tables will be configured for assigning Roles to CustomUsers most likely through a many to many - join

Using our very limited design above, what would you recommend approach be for using the providing "Grouping/Perms"?

On Saturday, November 22, 2014 3:58:17 AM UTC-6, Gabriel - Iulian Dumbrava wrote:
Hello!

I would suggest to not drop the use of the built in auth module. You have many template and view tags, decorators, etc which are very helpful.

You may, for example create a group for each company/branch then add each user to their respective groups upon registration.

Each groups may have custom permissions, so you are not stuck with the built in add/edit/delete rights. You may create any type of permission and check for it in verious places.

vineri, 21 noiembrie 2014, 22:18:27 UTC+2, John Rodkey a scris:
We are evaluating django for a new internal CRM project and have issues using many of the built in features including: the base user, permissions, and authentication.

We do not wish to use the built-in admin...  The level of complexity for our permissions will be based on the employees job function/role.  While django does offer "Groups" under permissions, we have many subsidiaries which may name their own groups, this is our reasoning for dumping the built-in permissions.

What we are trying to accomplish -

1. User registration and authorization based on users email address. (We believe this could be created with the "Custom User" information found in the docs.)

2. Depending on the users email domain (the subsidiary) they work for, they will only have access to that data (We do not believe django offers this, and will be building it)

3. Each company (subsidiary) will have their own permission roles/groups (We do not believe this is available in django, please correct if wrong).

4. Each user will be assigned role(s)/permission(s) for their company (We believe this will need to be a custom tool)


Is there a simple solution to altering the built-in authentication and permission to fit our needs?  


--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/41f1fe06-9006-48bc-bdc8-7a1b6f4d6cc1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment