2

I have a range of models for my Django project. Everyone with a login has a Profile. A Profile will have certain permission access to the different parts of the website... Be able to view or edit certain accounts in the Account model. Be able to view or edit certain accounts in the Module model. Be able to delete or be blocked from accessing other Profiles. etc. People with Profiles do not access the normal Django built-in admin, it's all a custom website-side area where all of this stuff will take place.

Django's built in permissions stuff didn't seem to cover this sort of module/row level permissions. I was thinking of having a simple Permissions model with Profile and Permission Type foreign keys in them. Then all the things I want to be accessable only by Profiles with permissions will have a many to many to this Permissions model. But I'm not sure that's how to go about it?

What is an ideal way of doing permissions for the profiles to restrict access to rows of other models?

littlejim84
  • 9,071
  • 15
  • 54
  • 77

1 Answers1

1

Check out Florian Apolloner's Django Advent post on Object Permissions. I found it to be a decent way of doing object-level permissions.

David Wolever
  • 148,955
  • 89
  • 346
  • 502
  • Great link... that has helped me. Through that link, I came across a few different solutions and settled on Django Guardian. Fantastic for object level permissions. – littlejim84 Feb 16 '11 at 10:16