Re: Per-object permissions

gamliel roi wrote:
> Hello all,
>
> I have the admin site up and running but I need to create a group of users,
> such that each of the users will be able to edit objects that are only
> relevant to them (e.g Project objects that the user is also the
> ProjectManager).
>
> I know that in the past Django had a Per-object permissions branch, which is
> now abandoned.
>
> Should I peruse this direction and try to incorporate this branch to my
> current code? is it documented and running properly?
>
> Any other ideas/suggestions/resources regarding this problem?
>

There's a patch in the django tracker that adds support to help
integrate your own per-object permission handling auth backends (it
does not in itself constitute per-object permissions):
http://code.djangoproject.com/ticket/11010

I haven't fully worked out how to do integration of our own
(unreleased*) object permission system even given that patch,
though it would presumably be am improvement as it would
enable us to use the django admin more (once the admin is
appropriately updated to pass through the object to the revised
auth backend I suppose).

* Maybe I could/should look into getting it released. We maintain a
D.A.G. where vertices are permissions,roles and users. If a path exists
in the graph (fastish query with the transitive closure representation
used, at least for non-pathological graphs) from a permission to a user
through one or more roles, the user is considered to have that permission.
permissions are action() or action(obj1) or action(obj1,obj2)

Taking your example, in our system, each project would have its own
projectmanager role created, granted the permission to edit the project.

e.g.

perms_all_mgrs_have===>role:project_mgr # just for e.g.
|
v
perm:edit(project1) ---> role:project1_mgr ---> user:user1

Thus, user1 is project manager of project1.

--

You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.