Hey everyone. I'm having some difficulty building custom profile-level permissions.
For context, I have users, and each user can have multiple profiles.
Each profile can belong to a School instance. A profile has a set of different roles such as manager, teacher, student.
When logging in in the frontend, a user selects which profile they want to access and will be presented with the matching interface.
What I am trying to do is give a school owner the ability to set permissions for other managers.
Now, managers can access all classes and have full control like owners.
So I need permissions that are predefined and can be serialized and updated in the frontend.
Someone yesterday suggested I try django rules. It looks promising but lacks the option to predefine permissions for each profile so owners of schools can adjust them for each manager.
What I thought of is writing a model that stores the permissions as boolean fields, then checking the permissions using django rules predicates and using the predicates in the views.
What do you think of this approach? Is it not a good solution? Are there any better solutions?
Thanks in advance for your help.

from django.db import models
import rules

# Manager, Class, Masjid, User, Institution and ROLES are defined elsewhere in the project.


class ManagerPermissions(models.Model):
    ALLOW_CLASSES_BY = (
        ("class", "class"),
        ("building", "building"),
    )
    manager = models.OneToOneField(Manager, on_delete=models.CASCADE, related_name="permissions")
    # Scope: which classes or buildings the manager may act on.
    allowed_classes = models.ManyToManyField(Class, blank=True)
    # CharField needs max_length; 10 fits the longest choice.
    allowed_classes_by = models.CharField(choices=ALLOW_CLASSES_BY, max_length=10, default="class")
    buildings = models.ManyToManyField(Masjid, blank=True)
    # Per-action flags, all off by default.
    add_new_class = models.BooleanField(default=False)
    edit_class = models.BooleanField(default=False)
    add_students_class = models.BooleanField(default=False)
    remove_students_class = models.BooleanField(default=False)
    move_students_class = models.BooleanField(default=False)
    add_new_students = models.BooleanField(default=False)
    add_new_teachers = models.BooleanField(default=False)
    add_new_managers = models.BooleanField(default=False)


@rules.predicate
def is_manager_with_permission(profile, permission):
    # Looks up the named flag; names that are not attributes of the
    # permissions row evaluate to False.
    return getattr(profile.permissions, permission, False)


class Profile(models.Model):
    USER_STATUS = (
        ("active", "active"),
        ("inactive", "inactive"),
        ("pending_invitation", "pending_invitation"),
    )
    created_at = models.DateTimeField(auto_now_add=True)
    user = models.ForeignKey(User, on_delete=models.CASCADE, related_name="profiles")
    role = models.CharField(choices=ROLES, max_length=10, blank=False)
    institution = models.ForeignKey(Institution, on_delete=models.CASCADE, related_name="profiles")
    code = models.CharField(null=False, max_length=8, default=0)
    # CharField needs max_length; 20 fits "pending_invitation".
    status = models.CharField(choices=USER_STATUS, max_length=20, default="inactive")

I apologize for the long message. I appreciate any thoughts on this.
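
A fail-closed version of the flag lookup described in the post, as an added example that is not part of the original post. Plain dataclasses stand in for the Django models so it runs without a database; `has_manager_permission`, `GRANTABLE` and the role values "owner" and "manager" are assumptions.

```python
from dataclasses import dataclass, fields
from typing import Callable, Optional

# Stand-ins for the Django models in the post (constructed for this example);
# only the boolean flags are modelled, not the class/building scope fields.
@dataclass
class ManagerPermissions:
    add_new_class: bool = False
    edit_class: bool = False
    add_students_class: bool = False
    remove_students_class: bool = False
    move_students_class: bool = False
    add_new_students: bool = False
    add_new_teachers: bool = False
    add_new_managers: bool = False

@dataclass
class Profile:
    role: str                                         # assumed values: "owner", "manager", ...
    permissions: Optional[ManagerPermissions] = None  # None: no permissions row saved

# Allow-list of grantable flags. A name outside it (pk, manager,
# allowed_classes, ...) can never be tested as a permission.
GRANTABLE = frozenset(f.name for f in fields(ManagerPermissions))

def has_manager_permission(name: str) -> Callable[[Profile], bool]:
    """Build a one-argument check for one flag (hypothetical helper)."""
    if name not in GRANTABLE:
        raise ValueError(f"unknown manager permission: {name!r}")

    def check(profile: Profile) -> bool:
        if profile.role == "owner":      # assumption: owners keep full control
            return True
        # getattr with a default also covers Django's missing one-to-one row.
        perms = getattr(profile, "permissions", None)
        if profile.role != "manager" or perms is None:
            return False                 # fail closed
        return getattr(perms, name) is True

    return check

can_add_new_class = has_manager_permission("add_new_class")
```

With django-rules, each returned function can be wrapped in `rules.predicate` and registered with `rules.add_perm`, so a mistyped permission name fails at import time instead of silently evaluating at request time.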