Didn't know it was so simple to do that - I'll make sure to do it. Thanks
On Wednesday, June 5, 2019 at 9:32:30 AM UTC-6, RyuCoder wrote: > > RE : If companies permissions are updated, all of its employees > permissions needs to be updated as well. > > Just make sure to use transaction for this. > e.g. > > from django.db import DatabaseError, transaction > with transaction.atomic(): > # code to update company permissions > > # code to update its employees permissions > > pass > > > > > Regards, > Chetan Ganji > +91-900-483-4183 > [email protected] <javascript:> > http://ryucoder.in > > > On Wed, Jun 5, 2019 at 8:52 PM Tal <[email protected] <javascript:>> wrote: > >> Awesome! Simple and DRY. Thanks! >> >> On Wednesday, June 5, 2019 at 5:07:17 AM UTC-6, RyuCoder wrote: >>> >>> No need for inherit permissions. As it will increase one more if >>> condition to be checked. >>> But, whenever a new user is created, you have to read the values from >>> its companys permissions and set them for the current user. >>> If companies permissions are updated, all of its employees permissions >>> needs to be updated as well. >>> >>> This is a typical example of a Nested CRUD. >>> >>> >>> >>> class BasePermissions(models.Model): >>> allow_blog_access = models.BooleanField(default=True) >>> allow_shop_access = models.BooleanField(default=True) >>> allow_admin_access = models.BooleanField(default=True) >>> >>> class Meta: >>> abstract = True >>> >>> >>> class Company(BasePermissions): >>> name = models.CharField(max_length=255) >>> >>> >>> class CustomUser(BasePermissions, AbstractUser): >>> company = models.ForeignKey(Company, on_delete=models.CASCADE, >>> related_name="customuser") >>> >>> >>> >>> Cheers! >>> >>> >>> Regards, >>> Chetan Ganji >>> +91-900-483-4183 >>> [email protected] >>> http://ryucoder.in >>> >>> >>> On Wed, Jun 5, 2019 at 4:26 AM Tal <[email protected]> wrote: >>> >>>> Lets say I have 2 models: >>>> >>>> >>>> class Company(models.Model): >>>> name = models.CharField(...) >>>> allow_blog_access = models.BooleanField(...) >>>> allow_shop_access = models.BooleanField(...) >>>> allow_admin_access = models.BooleanField(...) >>>> >>>> >>>> class User(AbstractUser): >>>> company = models.ForeignKey(Company, ...) >>>> ... >>>> >>>> >>>> >>>> Here, users can be assigned to a company, and when a user tries to >>>> access a particular webpage, >>>> the view can check: >>>> >>>> - Does this user's company have access to this area (ex. the blog >>>> app)? >>>> >>>> >>>> This is great. That means access to particular areas (or apps) of the >>>> site can be controlled at the company level. >>>> When you create a user, you just assign him to a company, and whatever >>>> the company is allowed to access, he is >>>> as well. It makes updating access a lot easier too, when you can change >>>> it in one place (at the company level), instead >>>> of doing it for every user. >>>> >>>> The problem I'm having is that one or two users that are part of a >>>> particular company need access to most of, but >>>> not all of, the areas the company has access to. >>>> >>>> What's the best way to implement this? >>>> >>>> The main thing I can think of is to have the User class also have >>>> Boolean fields for allow_blog_access, allow_shop_access >>>> and allow_admin_access, but add another field called >>>> inherit_permissions (also boolean). It would look like this: >>>> >>>> >>>> class Company(models.Model): >>>> name = models.CharField(...) >>>> allow_blog_access = models.BooleanField(...) >>>> allow_shop_access = models.BooleanField(...) >>>> allow_admin_access = models.BooleanField(...) >>>> >>>> >>>> class User(AbstractUser): >>>> company = models.ForeignKey(Company, ...) >>>> allow_blog_access = models.BooleanField(...) >>>> allow_shop_access = models.BooleanField(...) >>>> allow_admin_access = models.BooleanField(...) >>>> inherit_permission = models.BooleanField(...) >>>> ... >>>> >>>> >>>> >>>> If inherit_permissions for a user is set, the view should look at the >>>> permissions of the company the user belongs to >>>> (request.user.company.allow_blog_access). >>>> If inherit_permissions for a user is not set, the view should look at >>>> the permissions of the user (request.user.allow_blog_access). >>>> >>>> Is there a better way to do this? Or is that the simplest? >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Django users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected]. >>>> Visit this group at https://groups.google.com/group/django-users. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/django-users/c0051d28-de5d-427f-87da-4bd986734f69%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/django-users/c0051d28-de5d-427f-87da-4bd986734f69%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Django users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> Visit this group at https://groups.google.com/group/django-users. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/django-users/1ad82488-02c3-482a-ba84-fc529c066967%40googlegroups.com >> >> <https://groups.google.com/d/msgid/django-users/1ad82488-02c3-482a-ba84-fc529c066967%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/16dbb4eb-8da9-41f0-882f-81cb6a0ea3aa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
