
Creating Groups and Modifying View Access Django


I am building a web app using Django 3.0.7 and Python 3.8 that will use some business intelligence tool, like Tableau or Power BI, as a reporting source.

There is absolutely no issue with the code I am using, however I need to be able to reduce visibility to certain pages, based on a created group. For example:

If I have three pages/dashboards: 127.0.0.1:8000/director/report1, 127.0.0.1:8000/manager/report2, 127.0.0.1:8000/employee/report3

and I have three users: Director, Manager, Employee

How can I create the site in such a way that when a user registers to the site, their profile is created and subsequently assigned a group, THEN restrict access to certain pages based on the user group (this would be easier than assigning permission to every user)? For example:

The user Director would belong to a group called, directors, and would have access to 127.0.0.1:8000/director/report1, 127.0.0.1:8000/manager/report2, 127.0.0.1:8000/employee/report3.

The user Manager would belong to a group called, managers, and have access to 127.0.0.1:8000/manager/report2, 127.0.0.1:8000/employee/report3.

The user Employee would belong to a group called, employees, and have access to 127.0.0.1:8000/employee/report3.

I found some information related to permissions here: https://docs.djangoproject.com/en/2.1/_modules/django/contrib/auth/decorators/ but I cannot find information related to creating groups AND assigning permissions.


Solution

  • You could extend the default user class in Django with a new model named Staff and add a CharField with director, manager and employee as choices, as given below:

    from django.contrib.auth.models import User
    from django.db import models

    class Staff(models.Model):
        # One Staff row per Django user
        user = models.OneToOneField(User, on_delete=models.CASCADE)
        DIRECTOR = "DR"
        MANAGER = "MG"
        EMPLOYEE = "EM"
        DESIGNATION_CHOICES = [
            (DIRECTOR, "Director"),
            (MANAGER, "Manager"),
            (EMPLOYEE, "Employee"),
        ]
        # Stored as the two-letter code, shown as the label
        designation = models.CharField(
            max_length=2,
            choices=DESIGNATION_CHOICES,
            default=DIRECTOR,
        )

    Then you can provide the necessary if/else conditions in your views, which will prevent/allow members of a certain category to make requests for certain pages.

    One way to implement this could be:

    # assuming you are using this view function corresponding to '/director/' url
    def director_page(request):
        if request.user.is_authenticated:
            user = request.user
            # look up the Staff row of the user making the request
            staff = Staff.objects.get(user=user)
            # designation holds the stored code ("DR"), not the label
            if staff.designation == Staff.DIRECTOR:
                ...  # allow director to proceed
            else:
                ...  # return an error response
        else:
            ...  # Do something for anonymous users.