I’m trying to figure out what the best path is to follow in order to implement additional permissions on an existing app or something with similar results.
I’ve been looking at various options like django-rules or django-guardian as well as potentially rolling my own but, right now, I’m still quite confused. I’m hoping maybe someone here has had to deal with a similar issue and might have some pointers in regard to what I should be looking at (or if I’m looking in a completely wrong direction, which I have also been known to do ).
This is an app that lets people come to a website and book a session in a fitness-type venue. At the moment there are 3 venues and it all works fine. There’s a venue model, a reservation model and a bunch of other elements that don’t impact the reservation or the current problem itself.
The issue is that up until now, all 3 venues were managed by the same team, but they’ve now decided to expand and these new venues will be managed by third parties. This means that people from the venue X team should only be able to view/edit/add reservations for venue X in the admin and be unable to see reservations for venues Y or Z, for example.
In an ideal world, when a new venue instance is added via the admin, let’s say “venue w”, a series of permissions linked to this venue would be created. Something like “can_add_reservations_for_venue_w”, “can_delete_reservations_for_venue_w” etc.
If an admin user is in a group with these permissions, they can add, view or delete reservations linked to this venue but none of the other venues they don’t have permissions for.
Here are my models, they’re pretty standard:
class Venue(models.Model): name = models.CharField(max_length=255, verbose_name=_("name")) street = models.CharField( max_length=255, blank=True, null=True, verbose_name=_("street & number") ) post_code = models.CharField( max_length=20, blank=True, null=True, verbose_name=_("post/zip code") ) city = models.CharField( max_length=255, blank=True, null=True, verbose_name=_("city") ) [etc]
class Reservation(models.Model): venue = models.ForeignKey( to=Venue, on_delete=models.CASCADE, verbose_name=_("venue"), default=1 ) customer = models.ForeignKey( to=Customer, on_delete=models.CASCADE, verbose_name=_("customer") ) date = models.DateField(default=timezone.now, verbose_name=_("activity date")) time = models.IntegerField(default=14, verbose_name=_("time")) duration = models.IntegerField( default=1, choices=RESERVATION_DURATION, verbose_name=_("duration") ) participants = models.IntegerField(default=1, verbose_name=_("number of people")) [etc]
Any tips would be appreciated, or indications that I’m missing something horribly obvious