Techincally, an instance of “Permission” is just a label. It has no functionality, it’s just data to be used elsewhere.
Yes, when a permission is created, it’s created as a reference to a model. But that has nothing to do with how they can be used.
For some further thoughts on this distinction and usage of permissions, see:
- Conditional content rendering, based on permissions
- What is the purpose of Permissions?
- How to refer or access the custom made permissions in has_perm() and in required_permissions?
Not necessary (nor appropriate in a normalized relational model) to do that.
Your through model could contain either:
- A reference to a single
Permission
, where you allow for multiple instances of the entry for (User
,MyCompany
) - A ManyToMany to
Permission
for the complete set of permissions assigned to thatUser
relative to thatCompany
The first version is likely to make the permissions tests easier, while the second version will likely make the administration of the permissions for a user easier. (Off-the-cuff conjectures, no hard data to support this.)