Exclusive use of Groups #20
Comments
|
...Actually the one use of default False |
|
The change from having UserRole to using Groups was due to feedbacks I got from other people. For the sake of simplicity, I assumed Groups would only be used for managing roles, and that's why all user groups are deleted before a new one is assigned. Your approach is more correct, this library should not interfere with Groups beyond the ones it creates. About Can you make a PR for your changes? |
[#20] Don't interfere with other groups
* origin/master: [#20] Don't interfere with other groups
|
It's ready on pypi as version 0.6 |
I think it's a mistake to assume each user is in a single group related to a single role. In 6852439 you removed the UserRole model but I'd like to see it restored.
I was expecting that 'role' was entirely separate from groups. I intend to have my Users in groups by team, and given a role 'team_member' they would be granted the permission 'change_team_documents'. I could then use the object level permissions checks to ensure that
user.has_perm('change_team_documents') and doc.team in user.groups.all()At a minimum I'd hope the use of groups could be reworked to drop the single group assumption. Possibly filter for groups that match role names, and delete only "role groups".
I'm not even sure why assign_role_to_user() removes previous rolls. Further,
available_permissionsdoesn't actually limit the permissions that can be applied to a user, default False permissions have no effect at all. It might make more sense to just havedefault_permissionsas a list, thus users granted multiple rows will just have the permissions from each roll.Sorry for the novel here. If you're interested I'm happy to split the issues up and work on solutions.
The text was updated successfully, but these errors were encountered: