RE : If companies permissions are updated, all of its employees permissions
needs to be updated as well.
Just make sure to use transaction for this.
e.g.
from django.db import DatabaseError, transaction
with transaction.atomic():
# code to update company permissions
# code to update its employees permissions
pass
Regards,
Chetan Ganji
+91-900-483-4183
ganji.che...@gmail.com
http://ryucoder.in
On Wed, Jun 5, 2019 at 8:52 PM Tal <tal.z...@gmail.com> wrote:
> Awesome! Simple and DRY. Thanks!
>
> On Wednesday, June 5, 2019 at 5:07:17 AM UTC-6, RyuCoder wrote:
>>
>> No need for inherit permissions. As it will increase one more if
>> condition to be checked.
>> But, whenever a new user is created, you have to read the values from its
>> companys permissions and set them for the current user.
>> If companies permissions are updated, all of its employees permissions
>> needs to be updated as well.
>>
>> This is a typical example of a Nested CRUD.
>>
>>
>>
>> class BasePermissions(models.Model):
>> allow_blog_access = models.BooleanField(default=True)
>> allow_shop_access = models.BooleanField(default=True)
>> allow_admin_access = models.BooleanField(default=True)
>>
>> class Meta:
>> abstract = True
>>
>>
>> class Company(BasePermissions):
>> name = models.CharField(max_length=255)
>>
>>
>> class CustomUser(BasePermissions, AbstractUser):
>> company = models.ForeignKey(Company, on_delete=models.CASCADE,
>> related_name="customuser")
>>
>>
>>
>> Cheers!
>>
>>
>> Regards,
>> Chetan Ganji
>> +91-900-483-4183
>> ganji...@gmail.com
>> http://ryucoder.in
>>
>>
>> On Wed, Jun 5, 2019 at 4:26 AM Tal <tal...@gmail.com> wrote:
>>
>>> Lets say I have 2 models:
>>>
>>>
>>> class Company(models.Model):
>>> name = models.CharField(...)
>>> allow_blog_access = models.BooleanField(...)
>>> allow_shop_access = models.BooleanField(...)
>>> allow_admin_access = models.BooleanField(...)
>>>
>>>
>>> class User(AbstractUser):
>>> company = models.ForeignKey(Company, ...)
>>> ...
>>>
>>>
>>>
>>> Here, users can be assigned to a company, and when a user tries to
>>> access a particular webpage,
>>> the view can check:
>>>
>>> - Does this user's company have access to this area (ex. the blog
>>> app)?
>>>
>>>
>>> This is great. That means access to particular areas (or apps) of the
>>> site can be controlled at the company level.
>>> When you create a user, you just assign him to a company, and whatever
>>> the company is allowed to access, he is
>>> as well. It makes updating access a lot easier too, when you can change
>>> it in one place (at the company level), instead
>>> of doing it for every user.
>>>
>>> The problem I'm having is that one or two users that are part of a
>>> particular company need access to most of, but
>>> not all of, the areas the company has access to.
>>>
>>> What's the best way to implement this?
>>>
>>> The main thing I can think of is to have the User class also have
>>> Boolean fields for allow_blog_access, allow_shop_access
>>> and allow_admin_access, but add another field called inherit_permissions
>>> (also boolean). It would look like this:
>>>
>>>
>>> class Company(models.Model):
>>> name = models.CharField(...)
>>> allow_blog_access = models.BooleanField(...)
>>> allow_shop_access = models.BooleanField(...)
>>> allow_admin_access = models.BooleanField(...)
>>>
>>>
>>> class User(AbstractUser):
>>> company = models.ForeignKey(Company, ...)
>>> allow_blog_access = models.BooleanField(...)
>>> allow_shop_access = models.BooleanField(...)
>>> allow_admin_access = models.BooleanField(...)
>>> inherit_permission = models.BooleanField(...)
>>> ...
>>>
>>>
>>>
>>> If inherit_permissions for a user is set, the view should look at the
>>> permissions of the company the user belongs to
>>> (request.user.company.allow_blog_access).
>>> If inherit_permissions for a user is not set, the view should look at
>>> the permissions of the user (request.user.allow_blog_access).
>>>
>>> Is there a better way to do this? Or is that the simplest?
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django...@googlegroups.com.
>>> To post to this group, send email to django...@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/django-users.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/django-users/c0051d28-de5d-427f-87da-4bd986734f69%40googlegroups.com
>>> <https://groups.google.com/d/msgid/django-users/c0051d28-de5d-427f-87da-4bd986734f69%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/1ad82488-02c3-482a-ba84-fc529c066967%40googlegroups.com
> <https://groups.google.com/d/msgid/django-users/1ad82488-02c3-482a-ba84-fc529c066967%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CAMKMUjunTHb9C8HoyXHfqZwuQ115FJWRpMgVabyVHpmg3YSrfw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
