On Sun, 2009-04-05 at 06:27 -0700, Zeal wrote: > Django's auth is pretty good, however, I need some row-level > authorziation mechnism, like in which department and function that the > certain user could access, so my needs on authrization are pretty > different than default auth model. Thanks!
I think you're misunderstanding something here, due to some lazy naming practices in Django's past. The "auth" in django.contrib.auth is for authentication, not authorization. It has all the utility pieces needed to authenticate a user and store any related user information in the session (the user object). It doesn't handle anything to do with authorisation based on that user object. So I was suggesting using the auth module to avoid needing to manually store the user_id value in any session objects and to handle the authentication portion in the natural flow of things. Authorisation is a separate issue. Regards, Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
