On 21/04/2019 12:11 pm, Joel Mathew wrote:
I have an application for a hospital. There, I should be able to assign different roles like Doctor, Nurse, Attender, Auxiliary Nurse, Pharmacist, Store Manager etc, each of which would be having specific access to separate areas (views), with some having restricted access. In addition, there are other hospitals who would be having no access to another hospital's records. All of these permissions should be customisable, and I should be able to create additional roles and permission groups for specific areas later (from within the application itself, in production). What would be the best solution to use? Is there a middleware which works well? I don't want to roll my own if I will be reinventing the wheel.
Joel

I use Django Admin and contrib.auth. The Admin lets a superuser add a new auth.group (i.e., a role) and assign specific (other) model(s) editing rights to it. Then users can be given membership of certain groups.

I control access to corporate data by assigning a one-to-one relationship between any user and their particular company. Where a user needs access to data across more than one company I force them to have separate logins related one each to those companies. Companies need to know they control access to their own data. Only consultants (perhaps agency nurses in your scenario) need multiple logins. The Admin lets you modify the queryset of records to filter out everything except the data that user is entitled to see.

There are also mechanisms to show permitted data read-write or read-only depending on role membership. I did my own for Django 1.11 but I notice a later version seems to have specific read-only permissions assignable to auth.groups. Not absolutely sure about that. I'm sticking with 1.11 for a little while yet.

My roles are
    admin
    author
    authority
    consumer
    editor
    manager

And in my common.utils I have ...

def is_member(user, name):
    return user.groups.filter(name=name).exists()   # or user.is_superuser

def is_admin(user, name='admin'):
    return is_member(user, name)

def is_author(user, name='author'):
    return is_member(user, name)

def is_authority(user, name='authority'):
    return is_member(user, name)

def is_consumer(user, name='consumer'):
    return is_member(user, name)

def is_editor(user, name='editor'):
    return is_member(user, name)

def is_manager(user, name='manager'):
    return is_member(user, name)


Currently my application has no use permissions. But access to specific hospitals is being restricted by a model which stores hospital name, and user name.

I have a specific company model for company info and a user.userprofile model which links a user to a company. I'm not using a custom user model in this project but I doubt I would have done it much differently if I had.

hth

Mike


Sincerely yours,

 Joel G Mathew

--
You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com <mailto:django-users+unsubscr...@googlegroups.com>. To post to this group, send email to django-users@googlegroups.com <mailto:django-users@googlegroups.com>.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAA%3Diw_9BrOEh4Ss3X0g_EnaFyp1XTXij5DoZvva_XxwKVzXsGQ%40mail.gmail.com <https://groups.google.com/d/msgid/django-users/CAA%3Diw_9BrOEh4Ss3X0g_EnaFyp1XTXij5DoZvva_XxwKVzXsGQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
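
The scheme described in the reply above (group membership as the role, one login tied to exactly one company, record lists filtered to that company, read-write or read-only by role) reduced to a framework-free sketch. This is an added example, not code from the thread: the `User` and `Record` classes, the `scoped` and `access` functions, the sample records and the split of the six roles into read-write and read-only sets are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed split of the roles listed in the reply; the thread does not say
# which roles may edit, so this mapping is hypothetical.
EDIT_ROLES = frozenset({"admin", "editor", "manager"})
VIEW_ROLES = EDIT_ROLES | {"author", "authority", "consumer"}


@dataclass(frozen=True)
class User:
    name: str
    company: Optional[str]            # one login maps to exactly one company
    groups: frozenset = frozenset()   # auth.group names the user belongs to
    is_superuser: bool = False


@dataclass(frozen=True)
class Record:
    pk: int
    company: str
    body: str


def scoped(user, records):
    """Tenant filter: the rows a per-user queryset filter would leave visible."""
    if user.is_superuser:
        return list(records)
    if user.company is None:          # no company link: deny by default
        return []
    return [r for r in records if r.company == user.company]


def access(user, records, pk):
    """Return 'rw', 'ro' or None for one record, looked up inside the scope only."""
    rec = next((r for r in scoped(user, records) if r.pk == pk), None)
    if rec is None:
        return None                   # another company's row looks like a missing row
    if user.is_superuser or user.groups & EDIT_ROLES:
        return "rw"
    if user.groups & VIEW_ROLES:
        return "ro"
    return None                       # right company but no recognised role


# Constructed sample data.
RECORDS = [Record(1, "north", "a"), Record(2, "south", "b"), Record(3, "north", "c")]
```

In a Django Admin the `scoped` step corresponds to overriding `ModelAdmin.get_queryset`; doing the single-record lookup through the same filtered set is what stops a user from reaching another company's row by guessing its primary key.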
