One of the most requested features/howtos/how-comes/why-nots that show up on the Django users list is Access Control Lists, or row-level permissions. Almost always, the question is about how to get the admin app to use them. This is outside of the scope of the admin app, and that's usually the answer that is given.
Would including a built-in contrib app that implements access control lists be outside the scope of Django? I figure a design similar to the current admin site will be needed to create a generic ACL subsystem. An access list would be defined for each app, similar to how an admin site is defined in admin.py. I'm willing to spend some time on this, but I'd like any opinions as to the best way to implement it before I spend more than a weekend or two on this idea. I don't think that there is a Django ACL implementation quite like I have in mind. Most ACL functionality I imagine is written in views that go with a specific app. A standard implementation of ACL in contrib one would allow for more pluggable pluggable apps. Let me know what you think! Thanks! Jeff Anderson
signature.asc
Description: OpenPGP digital signature
