Message from discussion CurrentUser, Owner permission, and so forth ...
Received: by 10.11.28.34 with SMTP id b34mr249495cwb;
Tue, 10 Jan 2006 16:05:33 -0800 (PST)
Received: from 22.214.171.124 by g49g2000cwa.googlegroups.com with HTTP;
Wed, 11 Jan 2006 00:05:33 +0000 (UTC)
From: "brice.carpent...@gmail.com" <brice.carpent...@gmail.com>
To: "Django developers" <email@example.com>
Subject: CurrentUser, Owner permission, and so forth ...
Date: Wed, 11 Jan 2006 00:05:33 -0000
X-HTTP-UserAgent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20051010 Firefox/1.0.7 (Ubuntu package 1.0.7),gzip(gfe),gzip(gfe)
Content-Type: text/plain; charset="iso-8859-1"
Yes, I'm bringing this issue again, please don't throw things at me !
Basically, I would want to open a discussion on these subjects so as to
define a clean solution to this problem, if at least possible.
I think I'm gonna give some use cases that should, in my very humble
opinion, be fulfilled by Django :
In a multi-user content management system (cms), the client sometimes
(well, for every project I've been working on, this has been a client
will, but it might be french-client-specific) want to keep track of the
author, or poster of a document.
The current django state on the subject is to create a ForeignKey on
meta.Users, and have the author to select himself in the list.
This has two drawbacks :
1/ the user has to do something that should be dealt with by the system
(since he is already authentified)
2/ this system allows one to specify another user than him (either on
purpose or by mistake)
One could enforce this by writing custom views, but then you can't use
provide your users with the admin interface
Related tickets : 1132  and 1164 
- Owner user and / or group permission :
This is a somewhat related issue. For a multi-user cms, the client
to be able to define some more granulated permission. For example "only
owner can edit this very document" (now that I think about it, I can't
find any other example not already covered by Django's permission
system, but it's quite late there).
I'm sure solutions have already been provided for both problems
1132 and 1164 both provides solutions for the CurrentUser issue), but
of now, these solutions have been (in my own opinion rightly) deemed
hackish to get committed. This thread is aimed at finding a clean
implementation of those two concepts.
Obviously, the solution _will_ introduce some coupling between the data
layer and the request layer (well, who knows ?). The point is mainly to
make it as light as possible.
I know, I didn't provide any answer right now. But let's brainstorm on
the subject and something might pop and seem simply the right way !
Brice Carpentier aka Br|ce