I have already configured custom User authentication for my project, however, I would appreciate some advice on how to implement the following:
My project requires that a customer be able to set up an account to use our online services.
That same customer (as administrator of the account) would then be able to add sub-users to that account and also be able to configure permissions for each of those sub-users with respect to that account.
I am not sure how to begin to implement this and I would appreciate some practical guidance on where to start.
Many thanks in advance.
In general, start by reading these docs:
The Django permission system is extremely flexible. You can make this as simple or as sophisticated as needed.
Without having more detailed information about what the effects are of those permissions, it would be tough to be more specific than this. But you have extremely granular control over how this can work.
Ken, many thanks once again.
I get how permissions can be applied to a user so that it affects their global authority (from view all the way to super_user), what I am having trouble getting my head around is how to apply permissions between two users. Specifically, I want to give user A revokable permission to enter and view user B’s account.
Any help that you can give me would be much appreciated.
If I were implementing something like this, I’d have B be a member of a group of all people that A can “view”. Then your test for A is that when trying to access B, that they pass the test that A can view B’s group. (You would need to implement that test, but it fits into the general category of user_passes_test.) Again, this answer is necessarily vague because we’re still talking in broad generalities.
Thanks Ken,
I know that my question is vague and I am sorry for this, but let me try to add some detail by way of an example.
Let’s say that there is a social media website where user B has an account promoting themselves. User B wants some help from a social expert called A, who also has a separate account on the same platform promoting himself. Through the website’s functionality, user B can allow expert A to access B’s account and view or even administer it depending on what user B allows. I hope that this makes my question clearer.
I am sure that I can find a solution to this, but at the moment, I don’t know where to start!
Then I would suggest you start from a simpler test case. When trying to solve a “big hairy” problem, try to divide it into a smaller, less hairy issue.
Implement a user_passes_test function that tests something trivial. Use that to control access to a view.
Keep expanding that functionality until you get to the point where the test is verifying what you ultimately want to test.
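The revocable "A may view or administer B's account" check discussed in this thread, as a plain-Python sketch added here as an example; it is not code from either poster and does not use Django. GrantStore, requires_grant, the level names and the two view functions are hypothetical; in a Django project the store would be a model and the check would sit in the access test applied to the view.

```python
from dataclasses import dataclass, field
from functools import wraps

LEVELS = {"view": 1, "admin": 2}  # constructed names; a higher level includes lower ones

class PermissionDenied(Exception):
    """Raised when the acting user holds no sufficient grant on the account."""

@dataclass
class GrantStore:
    """Hypothetical stand-in for a table of (owner, delegate) -> level rows."""
    _grants: dict = field(default_factory=dict)

    def grant(self, owner, delegate, level):
        if level not in LEVELS:
            raise ValueError(f"unknown level: {level}")
        self._grants[(owner, delegate)] = level  # one row per pair; re-grant overwrites

    def revoke(self, owner, delegate):
        self._grants.pop((owner, delegate), None)  # revoking twice is harmless

    def allows(self, actor, owner, needed):
        if actor is None:  # anonymous: fail closed
            return False
        if actor == owner:  # owners always reach their own account
            return True
        held = self._grants.get((owner, actor))  # keyed by owner first: not symmetric
        return held is not None and LEVELS[held] >= LEVELS[needed]

STORE = GrantStore()

def requires_grant(needed):
    """Guard functions shaped like view(actor, owner, ...) with a per-account check."""
    def decorator(view):
        @wraps(view)
        def wrapper(actor, owner, *args, **kwargs):
            if not STORE.allows(actor, owner, needed):
                raise PermissionDenied(f"{actor!r} lacks {needed!r} on {owner!r}")
            return view(actor, owner, *args, **kwargs)
        return wrapper
    return decorator

@requires_grant("view")
def view_account(actor, owner):
    return f"{actor} is viewing {owner}'s account"

@requires_grant("admin")
def edit_account(actor, owner, bio):
    return f"{actor} set {owner}'s bio to {bio!r}"
```

The lookup happens on every call rather than being cached on the session, so a revoke by B takes effect on A's next request.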