Re: Multi Client Django System

We achived the second level auth, by tying an extended group to a company,
all company members are part of this group, so we can leverage the
normal auth mechanismen.

Hope this gives you an idea.

Thanks
Frank

class CompanyManager(models.Manager):
filter_by_user_limit_field = None

def by_user(self, user):
"""
Extension for filtering organization objects (also related
objects) by
the groups of a user.
Avoiding that a user can touch other organization objects.
Superusers and
Partner Administrators are able to see all organizations.
"""
# if the user is not logged in - no data
if not user.is_authenticated():
return self.none()
# TODO: optimization: would be nice to find a way to make
by_user chainable like .filter(), ...
return self.limit_queryset_by_user(
self.get_query_set(),
user,
self.model.filter_by_user_limit_field
)

@staticmethod
def limit_queryset_by_user(qs, user, field_key):
if user.is_superuser.count()>0:
return qs
kwargs = {}
if field_key and user.groups.count() > 0:
kwargs[field_key] = [u['id'] for u in user.groups.values('id')]
return qs.filter(**kwargs)

And in the model

class Company(ExtendedModel):
name = models.CharField(max_length=64, unique=True)
slug = models.SlugField(unique=True)
is_active = models.BooleanField(null=False, blank=False, default=True)

filter_by_user_limit_field = "organizationgroup__in"
objects = CompanyManager()

class CompanyGroup(Group):
"""
User group of the Organization
"""
organization = models.OneToOneField(Organization)


Am 23.02.2013 17:00, schrieb Gabriel - Iulian Dumbrava:
> How I would do it would be to have a special column (foreign key) in each table (model) called Company (company_id) and change all default managers to filter on company_id = logged_in_user.company_id.
>
> In this way you are sure tha users only see what belongs to their company.
>
> You would have to pass the company_id to models, probably with a middleware which gets it from the logged in user and saves it somewhere.
>
> And you also have to save the default value of company_id to each newly created entry in every table, probably from the same source as above.
>

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.