I don't have any solutions for you, but I am VERY interested in the 
responses, since you describe some of the same issues I will have soon but 
have not gotten to yet - especially the last one, which I don't think is 
'minor' at all. So, how about it, all you experienced users out there? 
Answer this one and you get a twofer!

On Tuesday, January 28, 2014 9:59:02 AM UTC-6, Anders wrote:
>
> Dear Django developers, 
> I need a bit of advice on how to solve an authorization problem. 
>
> My site is a is still being designed in my mind but think of it as a 
> portal of mini-facebooks (Gang); 
> In each Gang there functions such as write on wall, upload pictures, 
> share links, sell/buy stuff, discuss and so on. 
>
> I see 3 basic roles; 
>  Admin (can do/see everything in a Gang) 
>  Users (can't edit/see configurations) 
>  Guest (can access a Gang if invited but only read) 
>
> A user can be a User in one Gang, a Guest in a second and Admin of a 
> third. 
>
>
> The above, I guess could solve by simply having three ManyToMany-fields 
> (admins,users,guests) on each Gang-model, referencing the User table. 
>
>
> However I would like something more fine-grained, and see the roles as 
> "templates of accessrights". 
> E.g. the access rights should be as detailed as "Allow Create Gang", 
> "Allow Invite to Gang", "Allow Write on Wall" and so on. 
>
> And of course, these access rights are only relevant for a particular 
> user in a specific Gang (with the exception of the first). 
>
> Maybe it's too complicated and not worth it, but I am willing to try and 
> of course listen to the opinions of the experienced crowd here. :) 
>
>
> Another issue that bothers me is minor, but how to use these acessrights 
> in the template system to "hide" elements on the page for users who are 
> not allowed to interact with them. 
>
> Thank you for reading so far. 
>
> Regards 
> A. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/988c4489-aa28-4b32-884a-ededf531090b%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to