I have a page containing a table which has model form objects. I want to have 2 different types of users and both users should see their own contents. firs user is manager and should see its own departments content, second user is chief and should see its own sub-departments content. what kind of path i should follow? i couldn’t find appropriate document.
thank you 
In general, what you’re talking about here is the implementation of a “row-level security” system.
The Django permissions system makes it possible for you to implement this, but doesn’t provide a default implementation. (It’s really not practical to do so.)
There are a couple of libraries that have been developed to help with this, you can find them by searching djangopackages.org.
It’s also a topic that been talked about here in a couple of different places. See Give permissions to users per company for one such discussion.
1 Like
You can also capture the model forms in your view and alter the behavior there based on the request user.
class TheUpdateView(UpdateView):
def get_form(self, *args, **kwargs):
form = super().get_form(*args, **kwargs)
disable = [list of chief only fields]
grp = Group.objects.filter(name='the_chiefs').first()
if grp not in self.request.user.groups.all() and not self.request.user.is_superuser:
# execute this if user is not a chief
for field in disable:
form.fields[field].disabled = True
return form
1 Like
I just found a solition just like this. I am using django’s User model and added some extra fields as flag. I am trying to filter the content will be render and i think it is working. I will update if I make it done. thanks