Allow user to access some part of a project depending on the role they have - Django

Time:11-09

I just finished coding a django app that helps music producers coordinate projects and I am trying to solve a small problem I am facing.

On a given project, users have specific roles (sound tech, drummer, production manager et cetera). Depending on their role, I want them to be able to see only some information about the project.

For example, the production manager should be able to see the project budget but the drummer should not.

How can I do it? I thought about using groups but I am not sure yet how.

CodePudding user response:

First, you would have to assign different roles to the different users (you can do this manually, in the admin panel, or even computationally).

To create a group, you can try something like this, where drummer can be any role that you want:

from django.contrib.auth.models import Group
doctor_group, created = Group.objects.get_or_create(name='drummer')

Next, you can add, set, remove, or clear a user's permissions. For example, if I wanted to assign user b the role drummer, I would use something like this:

doctor_group.permissions.set([permission_list])

Here is a full list of permission functions:

doctor_group.permissions.set([permission_list])
doctor_group.permissions.add(permission, permission, ...)
doctor_group.permissions.remove(permission, permission, ...)
doctor_group.permissions.clear()

You can also add users to groups using this syntax, depending on how your models are set up:

user.groups.add(doctor_group)

Finally, you can check if a specific user is in a group by using the .exists() method, and authenticating a user.

Something like this should work:

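from django.contrib.auth.decorators import user_passes_test

def is_drummer(user):
    # True if the user belongs to the 'drummer' group
    return user.groups.filter(name='drummer').exists()

# Users who fail the test are redirected to the login page
@user_passes_test(is_drummer)
def my_view(request):
    pass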

You can learn more about specific Django groups & roles here.

CodePudding user response:

Anticipate you'll be changing permissions for those roles for each project? I'd create a through table for ProjectRole with a set of fields that includes the booleans for what you want to restrict by.

Fields like: project, role, view_budget, view_members, admin_project

You'd also have a table for UserRole which maps the users to project_roles. It becomes easy to query a project based permission for any given user. This all depends on if you are going to have fixed permissions for each project, or if they are going to vary. Like can a production manager see budget for every project, for every project they are a production manager, or just for this one project, but maybe another project doesn't let the production manager see the budget.

Decide where you want to assign the permissions (role, role & project) first. If it is just on the role, then you may want to use the built in Django permissions and a subsequent query to ensure they are also on the project.

Provide concrete details on your requirements, and then it will become easier to suggest a model structure to fit.
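The per-project role table from the second answer, as an added example that is not part of either answer or of the asker's app: it resolves a user's roles on one project and filters the project data server-side, denying any field that no flag unlocks. Plain dataclasses stand in for Django models, and the names `granted_flags`, `visible_project`, `PUBLIC_FIELDS`, `FIELD_FLAGS` and all sample data are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProjectRole:  # stand-in for the through table (a Django model in a real app)
    project: str
    role: str
    view_budget: bool = False
    view_members: bool = False
    admin_project: bool = False

@dataclass(frozen=True)
class UserRole:  # maps one user to one ProjectRole
    user: str
    project_role: ProjectRole

# Fields anyone with a role on the project may see, and the flag guarding each
# restricted field. A field listed in neither is never returned (deny by default).
PUBLIC_FIELDS = {"name"}
FIELD_FLAGS = {"budget": "view_budget", "members": "view_members"}

def granted_flags(user, project, user_roles):
    """Flags the user's roles grant on this project; None if they have no role on it."""
    roles = [ur.project_role for ur in user_roles
             if ur.user == user and ur.project_role.project == project]
    if not roles:
        return None
    return {flag for flag in FIELD_FLAGS.values() if any(getattr(r, flag) for r in roles)}

def visible_project(user, project, user_roles, projects):
    """Project data filtered server-side to what this user may see."""
    flags = granted_flags(user, project, user_roles)
    if flags is None:
        return None  # not on the project: expose nothing
    return {k: v for k, v in projects[project].items()
            if k in PUBLIC_FIELDS or FIELD_FLAGS.get(k) in flags}

# Constructed sample data (hypothetical users, projects and amounts).
PM_ALBUM = ProjectRole("album", "production manager", view_budget=True, view_members=True)
DRUMMER_ALBUM = ProjectRole("album", "drummer", view_members=True)
PM_SINGLE = ProjectRole("single", "production manager")  # budget hidden on this project
USER_ROLES = [UserRole("alice", PM_ALBUM), UserRole("bob", DRUMMER_ALBUM),
              UserRole("alice", PM_SINGLE)]
PROJECTS = {
    "album": {"name": "Album", "budget": 50000, "members": ["alice", "bob"],
              "internal_notes": "constructed"},
    "single": {"name": "Single", "budget": 8000, "members": ["alice"]},
}
```

Filtering the data before it reaches the template or serializer keeps a hidden field out of the response entirely, rather than relying on the page not to render it.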
