I don't have any solutions for you, but I am VERY interested in the responses, since you describe some of the same issues I will have soon but have not gotten to yet - especially the last one, which I don't think is 'minor' at all. So, how about it, all you experienced users out there? Answer this one and you get a twofer!
On Tuesday, January 28, 2014 9:59:02 AM UTC-6, Anders wrote: > > Dear Django developers, > I need a bit of advice on how to solve an authorization problem. > > My site is a is still being designed in my mind but think of it as a > portal of mini-facebooks (Gang); > In each Gang there functions such as write on wall, upload pictures, > share links, sell/buy stuff, discuss and so on. > > I see 3 basic roles; > Admin (can do/see everything in a Gang) > Users (can't edit/see configurations) > Guest (can access a Gang if invited but only read) > > A user can be a User in one Gang, a Guest in a second and Admin of a > third. > > > The above, I guess could solve by simply having three ManyToMany-fields > (admins,users,guests) on each Gang-model, referencing the User table. > > > However I would like something more fine-grained, and see the roles as > "templates of accessrights". > E.g. the access rights should be as detailed as "Allow Create Gang", > "Allow Invite to Gang", "Allow Write on Wall" and so on. > > And of course, these access rights are only relevant for a particular > user in a specific Gang (with the exception of the first). > > Maybe it's too complicated and not worth it, but I am willing to try and > of course listen to the opinions of the experienced crowd here. :) > > > Another issue that bothers me is minor, but how to use these acessrights > in the template system to "hide" elements on the page for users who are > not allowed to interact with them. > > Thank you for reading so far. > > Regards > A. > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/988c4489-aa28-4b32-884a-ededf531090b%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.

