I
I
Invoker3222020-02-27 11:14:58
React
Invoker322, 2020-02-27 11:14:58

Custom rights and roles through django rest framework without touching django itself. Bad idea?

There are several types of users on the site, for the role - the moderator displays his own list of users and he can only interact with them, like another moderator only with users who are assigned to them.
So, is it a good idea to write a custom admin panel and use custom rights only through DRF.
For example, under displaying a list of users, in the api class there will be isModerator and isHasOwnClients rights (Displaying specifically your attached users)
Is this enough for normal security or is it better to write rights in Django itself?
I roughly understand how you can implement these custom rights, but I would like to hear advice. And is it bad practice to start writing your own admin panel without affecting the standard one? As if in parallel, just using the isAdmin rights and new custom ones. Thank you in advance.

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question