Django permissions on groups of objects?

I

inno2011-06-22 22:29:44

Django

inno, 2011-06-22 22:29:44

When building a community blogging system with Django, what is the best way to control access?
It is necessary: among all users there are "owners" of blogs who can choose from all other users who "can read", "can edit" messages, etc.
Those. there are groups of objects with owners, and owners can assign rights to specific users on these groups of objects.
How it is more logical to make system of the rights?
Is it possible to use Sites for this and, for example, create a subdomain for a blog?
Or pay attention to the still poorly documented "supports_object_permissions" in your "authentication backend"? Are there any examples with the latter?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

D

DmZ, 2011-06-23
@DmZ

Can be divided into Sites.
But, IMHO, it will not be so flexible if you need to change something in the future.
It is better to make your own backend with authorization for a specific object - then you can create your own ACLs for each entry, which will be checked in the backend.
An example can be seen in the tests of Django itself ( class SimpleRowlevelBackend ). Attach a userlist thread to the post, which the post owner can edit, check the presence of the user in the backend, and if, for example, a view permission is requested, and the user is not in the viewlist of this object, return false.

E

EvoTech, 2012-02-21
@EvoTech

> Or pay attention to the still poorly documented "supports_object_permissions" in your "authentication backend"?
Yes, turn. In your circumstances, this is probably the best option.
guardian is not very good for you (although you can). Better github.com/maraujop/django-rules or bitbucket.org/jezdez/django-authority
django-authority is not supported, so you'll have to update it, or dig through the forks.