Good day dear fellow Django developers, Current permissions scheme in Django does suffer many flaws Like Inconsistency with permissions for proxy models #11154 <https://code.djangoproject.com/ticket/11154> and the fact that permission names are not translatable (no translation in the database) and the Permission Widget (FilteredSelect) is not very user friendly if we have a lot of models. Some of these issues have some work around like gists creating correct permissions for proxy models, widgets to display the permissions in a translated Tabular format (django-tabular-permissions) But the problems are still there. And the current implementation in itself is some what naive, only add , change , delete Maybe i can delete only the records created by me, maybe i can delete but not older then 1 day unless i'm superuser
I want to suggest a complete Permission makeover Basically a new model / db table for User permissions which look something like this (and another one for the groups of course.) user_id | contenttype_id | add | change| delete 1 | 1 | True | True | False The new model can be swap-able (like the User model) so end developers might add more specified fields beside the add , change, delete like (can edit other users entries, limit to date etc.) It might be also advised to create your own Permission model at the start of the project (like what is happening now with the user model) And the current Permissions table can be used for the custom permissions . I understand that this is might not be the most backward compatible solution (although if accepted by you, we can figure this out, using data migrations or something) But Permissions in Django have been dragging for far too long, and delaying fixing them if not helping. I see the new simplified url (and letting go of the regular expressions- at least up front) and i say wow, things can change. :-) Looking forward for your much appreciated input, ideas & discussion. Thank you for your time reading this and Best wishes to all of you. Ramez -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/bbdf1910-6b89-4568-8c1b-a681b5807871%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.