I need to develop a scenario of users and groups in my django application there are three groups
- Admin
- Manager
- Employee
Generally admin is available by creating superuser and I need to create the users for different groups
- Admin can access all the records created by all users
Now my requirement is some users are belongs manager group and some normal users belongs to employee group..
How the associate user belongs to manager group can fetch his own records along with his subordinate user's records from employee group
I'm fully confused to give relation between normal users with an associate user from manager group.
How can I assign some employee users to a manager user?
Just to make sure we are on the same page, you wish to have the following user structure:
An Admin can see EVERYTHING
A Manager can see HIMSELF and all his associated Users
A User can see HIMSELF and that's it
So technically, there's only a relation between Managers and Users
Assuming your Admin is not the same as the native admin role from Django, you could setup the following logic:
Extend the User model with a 1-to-1 relation to your custom model. Let's call it Profile.
One of the field in Profile could be the role which would either be Admin, Manager, or User (might want to create a referantial table and use a foreign key)
Another field could be related_manager which would be a foreign key to the user model. It would be a way to say "that user is my manager"
You would need to add specific control in your model, notably:
related_manager is required (or optional?) if user is "User".
related_manager is forced to None if user is not "User"
related_manager must be a user with 'Manager' role
You'd probably have to setup signals to handle "What happens when a Manager, who had users to manage, becomes a basic User?" Do these users become manager-less? Or maybe you prevent it from happening, and a manager can only be demoted once he has no user attached? It all depends on what you want
Note that this is one of many ways to deal with your situation
Related
Im trying to handle a use case where i have 2 roles. (admin , customer)
There will be an admin portal and a customer portal (2 different login pages ).
An admin can invite a customer
An admin can be a customer as well , can invite himself into the customer portal
An admin account must not share the same password as the customer account.
Email is used as the unique field for both admin and customer account.
For example :
Admin account
- customer#email.com /password1
- List item
Customer account
- customer#email.com /password2
Solution 1:
- Permission. Having 1 account with admin permission and customer permission.
(This cant work to fit the bussiness use case)
Based on this article:
https://simpleisbetterthancomplex.com/tutorial/2018/01/18/how-to-implement-multiple-user-types-with-django.html
Solution 2:
- Creating 2 django projects. One for each user model since both accounts cant share password. The reason for separating into 2 projects is because resources such as session,login, logout will not be shared. So each portal(admin,customer) has their own resource.
A create Customer API to allow admin to create a customer account in customer django project.
A shared db to share related data
This is the only way i can think of to handle the use case. Please let me know if anyone has a better idea to handle this.
Try setting the username field to the email first, if you want the user to log in via email, otherwise remember that the username is how the user logs in. Next, create a profiles app. In this app, create a profile model that will have an OneToOne relation with the Django user model (You can call the profile model via. user.profile). In this profile model, you can create a Boolean Field that distinguishes between a customer and an admin. This way when the user logs in, you can check there profile and render the appropriate template. Another way you can do this is via the Groups model already built-in, create 2 groups one for admin, and another for the customer, you can have when the customer registers to be set automatically as a customer, and admins only to be created to the Django admin or a separate portal if you choose.
I am working on a project which needs a separate admin interface. The django admin interface is for the super super user, there will be companies who will sign up for our app and then they will have their own admin interface. Everything is set and done despite the permission. We want model level permission that's what Django provides.
What I did is:
class CompanyGroup(models.Model):
name = models.CharField(max_length=254)
permissions = models.ManyToManyField(Permissions)
Now this list all the permissions of the site itself. So, Should I start working on my own permission app or I can modify django Permissions to provide object level permissions for only some models.
Thanks
Try one of the several existing 'row level' / 'per object' permissions apps for Django:
http://django-guardian.readthedocs.org/en/v1.2/
http://django-object-permissions.readthedocs.org/en/latest/
...there are probably others, those are just the first two in Google
We are using django-guardian in current project at work, seems fine.
I am assuming that you need to control access to sub-sets of each model's objects, depending on which company the current user belongs to (i.e. you don't want people from Company A to see items from Company B). For this reason you need row level permissions.
You probably also need to limit the permissions of all 'company users' to only certain actions:
You do not need to create a CompanyGroup class.
Instead just enable the admin site, log in as super user and create a django.contrib.auth.models.Group which contains the global permissions applicable to company users.
then ensure when you create any new company user logins that they are added to that Group
I'm a bit unsure what to use Django user groups for.
I have an application where every user belongs to a different organisation. The organisations don't have anything to do with read/write permissions. It's just a way to separate groups of users. Every organisation needs some additional fields, like a name, URL, and email address. New organisations will be added to the system over time.
Within every organisation, users can have different permissions for moderation and administration, for which I (also) want to use user groups.
My question: Should I use Django's user groups to define the organisations, or should I just make an 'Organisation' model with a relation to the user?
Nope. User groups are made for different reasons. You CAN use them to define organisations but I think you should think bit further ahead:
will the organisation require more fields than just name?
perhaps you will need permissions in the future to define users roles within organisations?
I'm sure you can come up with more things to think of. But if you answered yes to one of those questions then just create your Organisation model.
1) You need to add group from django admin side under group table.
2) And while creating new user, assign specific group to user using user_obj.groups.add(group_id). Or Let user select group at frontend.
and then user_obj.save()
in Group table, you can create organization
OR
You can create individual organization table and assign assign user to specific organization.
I have a model like Community, where some users can be admins and other users are normal users. I can link user the community as foreignkey or someother possible relationship. But, how can I implement user_type ? Where should I have this field ? Is it just another field in the model Community ?
I guess you want to provide different access levels to user in the community based on their user_type.
In that case, you can either keep a FK from UserProfile to Commmunity(in case one user will only be part of one community).
If users can be part of various communites, you should keep a ManyToManyField called users on Community model.
After this just keep these user in groups (See Django group and Permission). Set permission on Groups you define. Based on what group a user in, he will have the group permission. Use these permission to decide what access to give to a particular user.
Depends on the size and other attributes of the data but a common way to go about it would be to have a one-to-many relationship between Community and User. Then you can have a field in User that states the user type.
In the database you will have a Community table and a User table which are linked via foreign key, and the User table will store the user type information.
I want to let a logged-in and registered user create extra user accounts that he will be the admin of. These accounts will be special "subordinate" accounts that are tied to the user creating them. He should be able to add/modify/delete these accounts kind of like the theory of how a Google apps administrator manages the accounts for his company (you are a regular user, but also create/destroy other users.)
The subordinate accounts cannot create/modify/delete accounts (except change their own password and normal user behavior.) I'm using the django auth model for all of these accounts. What is a good way to access the auth methods to add/modify/delete accounts from my own custom built webpages without using any admin code?
First, you'll need to extend your User model. Then: Add a field that represents the class of user - "subordinate" or "admin". Add a field that references the "admin" User via foreign key so you can group users by their "admin". Create views that check the class of user and allow creation, edit, deletion of "subordinate" user accounts if user class is "admin".