I have read about adding custom attributes to our domain schema. Is there any way to base group membership on this custom schema data? i.e. have a user be added to a group automatically if they have a certain custom attribute flag, or any particular schema data for that matter, similar to the way you can add all users of a domain to a group. I guess it would be the same or similar to dynamic groups in LDAP.
Related
I have an iOS app using AWS AppSync through GraphQL, setup through Amplify, using DataStore for the local/offline cache and DynamoDB in the backend.
The use case is that the user creates an "entity" and in that entity they can have multiple groups such as "admins", "authors", "readers", etc.. Each of those groups have different permissions that exist within the realm of the "entity".
Each User could create multiple "entities" and therefore there are multiple groups that may have the same name but are separately related to "entities" and are only permissions for that entity.
To put it another way. A user creates a blog. That user is the Owner of that blog. That user then invites a friend to be an "Admin" of that blog. That friend is now a part of the "Admin" group for that blog. That "Admin" group is only pertinent to that blog. Other users may create blogs of their own and add their friends to be "Admins" of their blogs. But each of these "Admins" are actually in different groups (even if the group names are all called "admin").
So I don't think Cognito User Pool groups will work since there is a limit of 500 groups I believe? (Assume we can make more than 500 blogs and therefore more than 500 groups would be needed).
Preferably there would be the option for the Blog owner to create groups and give them any kind of name. But if needed the groups could be all named the same (admin, author, readers, etc). But as such, I see one of three options but don’t know how to proceed.
A table within my schema that handles the groups. I actually have this concept ready but am uncertain how to implement it with the #auth tag in the GraphQL schema.
Some way to link the “entity” with the Cognito group. So that user is related to group and group is related to entity and there is a check for all three using #auth in the GraphQL schema.
Some sort of custom code for authorization. I thought using lambda as the authentication method would work but #auth (rules: [{allow:custom}] is not supported by DataStore. Therefore am I looking at having to write custom VTL code? (Which I'm completely unfamiliar with).
I'm hoping there's a solution through standard auth means and working within the GraphQL schema. If not, sample code on how to achieve this would be much appreciated.
I'm trying to retrieve a list of groups from LDAP using django-auth-ldap. It is already authenticating against the LDAP but now I need to retrieve the groups available so I can use them in one of my Models.
One of my models has a group attr that will map to LDAP groups, I want to retrieve those groups to populate a combo so the user can pick one.
I have a Django app that uses the stock User and Group models. I have two groups, group A and group B. I would like to prevent any user from being in both group A and group B, being in just one group or the other is fine. what is the best way to go about this? I was looking into model validation but I would like to do this without modifying or sub classing the stock User model. It would even be enough for me to be able to check and make sure that this wasnt being set on the django admin edit user page.
I'm a bit unsure what to use Django user groups for.
I have an application where every user belongs to a different organisation. The organisations don't have anything to do with read/write permissions. It's just a way to separate groups of users. Every organisation needs some additional fields, like a name, URL, and email address. New organisations will be added to the system over time.
Within every organisation, users can have different permissions for moderation and administration, for which I (also) want to use user groups.
My question: Should I use Django's user groups to define the organisations, or should I just make an 'Organisation' model with a relation to the user?
Nope. User groups are made for different reasons. You CAN use them to define organisations but I think you should think bit further ahead:
will the organisation require more fields than just name?
perhaps you will need permissions in the future to define users roles within organisations?
I'm sure you can come up with more things to think of. But if you answered yes to one of those questions then just create your Organisation model.
1) You need to add group from django admin side under group table.
2) And while creating new user, assign specific group to user using user_obj.groups.add(group_id). Or Let user select group at frontend.
and then user_obj.save()
in Group table, you can create organization
OR
You can create individual organization table and assign assign user to specific organization.
Basically I am looking for the following:
Groups can be created by users of the site.
Users can apply to join a group.
Every group has a group administrator which can approve or reject applications to join a group. Also, they can remove members from a group.
Content can be created which is associated with the group. Only group members can create content. Users who are not group members can view this content but not create/modify the content.
Are there any Django applications which can help implement these requirements?
The only one that I'm aware of is part of the Pinax project. It doesn't meet all of these out of the box, but can be expanded pretty easily to get these features.