Give permissions to users per company

Hi there!

In my case I have different users which can be part of different companies. An user can belong to multiple companies and a company has multiple customers, products, services, …

Now I want the user to be able to have different permissions per company. So let’s say user X can manage the customers in company A but can only read the products and services. And user X can manage the users, products and services in company B.

I would like to work with roles: so manage everything would be the role “superadmin” and manage customers but read products and services would be the role “sales” for example.

So in short: I want to create roles where I can assing permssions to and then add these roles to users per company.

I am planning on using rsinger86/ drf-access-policy to manage access control but any suggestions are welcome.

Please suggest me a good way to accomplish this scenario. How am I able to add roles per company and am I still able to use the by-default-generated auth_permissions from Django?

Thank you in advance!

1 Like

I don’t think this is possible since Django’s permission model doesn’t support references to specific objects. However, you may be able to find another package that can help: Django Packages : Permissions

I’m sorry, I’m going to have to disagree with you here.

Actually, the permissions model supports per-row security quite well. The various combinations of has_perms, get_user_permissions, and the other available functions allow for the creation of just about any degree of complexity desired.

Override the User has_perm method and you can determine whether or not that user has access to the provided object.

What Django doesn’t have is a default implementation. (It would be extremely difficult to provide a general implementation that actually does something worthwhile.)

Side note: We’ve got a rather intricate row-level permissions system that grants access not just based on the row itself, but also the data within each row. (A user’s access to a row can change when the data changes.) It’s all built on top of the Django permissions model.

3 Likes

No need to apologize, I’m glad you chimed in. I stand corrected.

1 Like