Reputation: 97
Confusion with the Django permission system
Django comes with a simple permissions system. It provides a way to assign permissions to specific users and groups of users. Like this: 'app_lable.model_name'. It may be convenient for the django admin, but I think it will be use difficult when I use it to control what people can to do with it.
For example, If I want to control whether a certain user can post a comment or see some portion content of my site. I have to config a permission group to him, but why not just add a user property like can_post or can_view_certain_portion? Its seems more intuitive. So who can help me understand those things? Thanks in advance.
Upvotes: 0
Views: 78
Answers (1)
Reputation: 166
The reason to keep permissions in a separate model is to leverage groups.
So if you needed to change the permissions on many users at once you could simply update the permissions of the group they are assigned to.
Also since users can belong to more than one group you have more flexibility for customizating permissions per user.
Keep in mind vanilla django permissions are model based so if you need to limit changing only certain fields to different users you will need something more robust like django-guardian.
Upvotes: 2
Related Questions
- How can I use Django permissions without defining a content type or model?
- Field Level Permission Django
- Group and Permissions Assignment Missing when using Custom User Model
- How to revoke permission to edit Admin User in django admin
- How to approve all installed apps permission programmatically in Django
- Django - user permissions to certain views?
- Django user not getting the assigned group's permissions
- Functional permissions in Django
- Django: How to manage groups and permission without using default admin