On 12/31/2017 12:50 AM, Markus Holtermann wrote:
> Thanks Curtis,
>
> I had a quick look. Some thoughts (in no particular order):
>
> - IMO a nice idea. I've attached all model independent permissions to
> the user model in the past to work around the limitation.
Certainly a good one I'll remember to mention on #django next time it
comes up :)
> - How do you envision 3rd party apps handling their own permissions? If
> I install 2 independent apps and both use a permission can_do_foo, one
> can't distinguish between those two, right?
I had considered this, and yes would much rather some sort of per-app
permissions. For some years now the model-centric view many people take
of their designs has bothered me.
> - What do you think about adding an 'app_label' to the Permission model
> that can be used instead of a content type. That could solve the issue
> from the previous point? content_type and app_label would be
> exclusive?
Oh, absolutely! A solid mechanism for per-app permissions would win me
over in a second.
Would we keep the existing syntax of "{scope}.{codename}" and fallback
scope from model to app label? Or have a different syntax for app-level
permissions, like "{app_label}:{codename}"?
And if so, how would that be handled in templates?
Also would we add get_app_permissions() to the auth API?
> - I dislike the seetings approach of GLOBAL_PERMS and would rather see
> users writing explicit data migrations.
I was specifically aiming for something almost as simple as the
per-model custom permissions.
Could we add it to AppConfig? Feels like the right place to me.
--
C