Hello,
I am developing a project that is basically a big todo list. A user will create an account and can create multiple lists, organize them in interesting way, blah, blah, blah. That user is the admin for his organization. They can then create Editor and Viewer accounts for whatever they need to edit and view.
My question is what would be the best way of organizing this? My first thought was extending the Group class to create CustomGroups and basically using that as the organization.
Is this the best practice for this?
I’m happy to share any clarifying information.
What extensions do you need?
Is the only purpose you need for using these groups to manage authorization for performing certain activities?
I just need some way of organizing accounts. I am thinking of it like a household. Someone signs up and creates a household. That person is the admin. Then creates Editor and Viewer accounts for whoever needs them.
I don’t know if the best practice would be to create groups dynamically to separate households or if I am using the wrong tool here. I basically need a way to separate the data that households can see and interact with.
Working with your analogy then, and rephrasing this to see if my understanding is correct -
You are looking to have some number of Household.
Within each Household, you have 1 Admin, the person who creates the Household.
Within those same Household, you have some number of Editor and Viewer accounts.
If this is correct, then you might want to see the thread at How to create Workspaces and manage them for all the users in Django?
It’s a rather lengthy discussion but gets into some really specific details about implementation.
This falls into the category of implementing a “row-level” security mechanism.
Yes, Django’s security methodology allows for creating one.
Yes, there are some third-party packages that exist to help implementing it. (Check djangopackages.org to see what’s currently available.)
No, I’ve never used any of them, they weren’t adequate for my needs at the time. (We have some very specialized requirements, and the existing packages didn’t provide that functionality.)
Yes, we ended up rolling our own, built on top of the Django fundamentals. It has worked extremely well for us.
Thank you very much Ken for your help. I read through that post and I think I have everything in my head. I’m going to lay out what I am thinking and, if you feel like it, please correct me.
User creates an account, with that account they create group household_a and they become part of the household_a_admin group. They can then create accounts and assign them to household_a_editor and household_a_user groups.
I guess my only question from here is, is there any specific reason why I can’t combine groups and roles for this?
As in, user_a creates an account and with it household_a group. They have the role of admin, which grants full access to any group a user is assigned. user_a creates other users with roles editor and viewer, also assigned to group household_a. So all the users are assigned to group household_a with different roles for each account.
Regardless, I will post a link to my github once I have something so anyone following has something to look at.
No, there is no specific reason preventing you from doing that.
It’s a question of usage and permissions, and whether the structure you design satisfies your requirements.
From what you’re describing for your use-case, I think it is likely to work. I can certainly envision a structure where you’re using the editor / viewer / admin roles to restrict access to views, and then the household_x groups to filter what data can be seen in that view.