0

I have two groups 'user' and 'moderator' with no specific permissions added (Chosen permissions empty).

I have also three views to add/edit/delete objects, user can only add whereas moderator can edit/delete

views.py

class AddView(GroupRequiredMixin, CreateView):
  model               = Post
  form_class          = UpdateForm
  template_name       = 'post_add.html'
  group_required      = u"user"


class UpdateView(GroupRequiredMixin, UpdateView):
  model               = Post
  form_class          = UpdateForm
  template_name       = 'post_update.html'
  group_required      = u"moderator"

class DeleteView(GroupRequiredMixin, DeleteView):
  model               = Post
  template_name       = 'post_delete.html'
  group_required      = u"moderator"

The question is do i need to add permissions to the groups or it is the same thing if I leave the groups empty? for exmple add a permission to group 'user' that he can only add objects to model post ? or it is not needed ? thanks

DAMAR225
  • 1,993
  • 1
  • 13
  • 22
  • Shortly, nothing happen. – Toan Quoc Ho Sep 03 '19 at 00:23
  • So is this not a bad practice? Or there is no way user don't have moderator group to delete or edit? – DAMAR225 Sep 03 '19 at 02:38
  • I mean in this case there is no need to add permissions to this two groups? – DAMAR225 Sep 03 '19 at 02:39
  • Yeah it's not a bad practice. I've worked on some django project and even a big project. They still use like yours. Just need to add when you want to check the specific permission. But in your case you just want to cluster your users so that it's not necessary to add permission for groups. – Toan Quoc Ho Sep 03 '19 at 02:58

0 Answers0