Supertypes, subtypes and authentication


AnneVerm

Mar 22, 2022, 9:13:02 AM
to Django users
I'm working on a web application in which I have a supertype node which is subtyped by organization, person and thing. Nodes can have permission to create/update/delete addresses, events, articles, pages etc. which all have a foreign key referencing node.

I'm struggling with the authentication and authorization. If I add a node to the user I could use UserPassesTestMixin like this:

def test_func(self):
    # Allow access only when the object belongs to the logged-in user's node.
    obj = self.get_object()
    return obj.node == self.request.user.node

However, the consequence is that every node is related to a user one-to-one, which in case of things is not ideal.

I hope someone could point me in the right direction to solve this problem.

Kind regards,

Anne

Antonis Christofides

Mar 22, 2022, 12:31:54 PM
to django...@googlegroups.com

Hello,

Could you explain a few things? A node is the superclass of organization, person and thing? Could you give an example of an organization and of a thing that can create an article? What would be a better name for test_func? Could it be named is_authorized for example? What does get_object do? What is an "object"? What would be a better name for "UserPassesTestMixin"? Maybe "UserIsAuthorized"?

Regards,

Antonis

Antonis Christofides
+30-6979924665 (mobile)
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/03685bda-5257-42e0-88ef-1973de3411dfn%40googlegroups.com.

AnneVerm

Mar 24, 2022, 6:54:27 AM
to Django users
Hello,

Thanks for your reply.

I have a Postgres database, node, organization, person and thing are modelled like this:

CREATE TABLE public.ntw_node
(
    id integer NOT NULL DEFAULT nextval('ntw_node_id_seq'::regclass),
    CONSTRAINT ntw_node_pkey PRIMARY KEY (id)
)

CREATE TABLE public.ntw_organization
(
    id integer NOT NULL DEFAULT nextval('ntw_organization_id_seq'::regclass),
    nodeid integer NOT NULL,
    -- organization specific fields
    CONSTRAINT ntw_organization_nodeid_fkey FOREIGN KEY (nodeid)
        REFERENCES public.ntw_node (id) MATCH SIMPLE
        ON UPDATE CASCADE
        ON DELETE CASCADE
)

CREATE TABLE public.ntw_person
(
    id integer NOT NULL DEFAULT nextval('ntw_person_id_seq'::regclass),
    nodeid integer NOT NULL,
    -- person specific fields
    CONSTRAINT ntw_person_nodeid_fkey FOREIGN KEY (nodeid)
        REFERENCES public.ntw_node (id) MATCH SIMPLE
        ON UPDATE CASCADE
        ON DELETE CASCADE
)

CREATE TABLE public.ntw_thing
(
    id integer NOT NULL DEFAULT nextval('ntw_thing_id_seq'::regclass),
    nodeid integer NOT NULL,
    -- thing specific fields
    CONSTRAINT ntw_thing_nodeid_fkey FOREIGN KEY (nodeid)
        REFERENCES public.ntw_node (id) MATCH SIMPLE
        ON UPDATE CASCADE
        ON DELETE CASCADE
)


I am not sure how to get from the relational model to the object oriented model so that I can use
Django's ORM.

An organization could be a rugby club, a bakery, an accountant's office, a person could be a consultant,
a trainer, an athlete.

At the moment nodes and users are related one-to-one:

CREATE TABLE public.auth_user
(
    id integer NOT NULL DEFAULT nextval('auth_user_id_seq'::regclass),
    nodeid integer,
    ...
    CONSTRAINT auth_user_nodeid_fkey FOREIGN KEY (nodeid)
        REFERENCES public.ntw_node (id) MATCH SIMPLE
        ON UPDATE CASCADE
        ON DELETE CASCADE
)

However, in reality nodes are not necessarily related to users one-to-one, there are nodes managed
by a root or admin user, as in the django admin they have access to all data related to a node.

In the Django tutorials I've done so far, for example, an article is modelled like this:

class Article(models.Model):
    title = models.CharField(max_length=255)
    ...
    author = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        on_delete = models.CASCADE,
    )

So the question is_authorized is answered using settings.AUTH_USER_MODEL. In my case article would
be modelled like this:

class Article(models.Model):
    title = models.CharField(max_length=255)
    ...
    node = models.ForeignKey(
        Node,
        on_delete = models.CASCADE,
    )
 
Here I'm stuck at how to authorize a user. I hope I provided you with sufficient information
to point me in the right direction.

Anne
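
One way to model the relationship described above, as an added example that is not part of the original thread: a hypothetical join table `ntw_node_manager` lets one user manage several nodes and lets a node such as a thing exist without a user of its own, and the ownership check becomes a membership lookup with a superuser override. It uses Python's `sqlite3` so that it runs stand-alone; the `article` table name, the function names and all sample rows are constructed.

```python
import sqlite3

# Constructed schema: ntw_node and auth_user follow the post; ntw_node_manager
# is a hypothetical join table replacing the one-to-one auth_user.nodeid column.
SCHEMA = """
CREATE TABLE ntw_node (id INTEGER PRIMARY KEY);
CREATE TABLE auth_user (id INTEGER PRIMARY KEY,
                        is_superuser INTEGER NOT NULL DEFAULT 0);
CREATE TABLE ntw_node_manager (
    user_id INTEGER NOT NULL REFERENCES auth_user (id) ON DELETE CASCADE,
    node_id INTEGER NOT NULL REFERENCES ntw_node (id) ON DELETE CASCADE,
    PRIMARY KEY (user_id, node_id));
CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT NOT NULL,
    node_id INTEGER NOT NULL REFERENCES ntw_node (id) ON DELETE CASCADE);
"""

def build_sample_db():
    """Constructed data: node 1 is a club, node 2 a thing with no user of its own."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO ntw_node (id) VALUES (?)", [(1,), (2,)])
    conn.executemany("INSERT INTO auth_user (id, is_superuser) VALUES (?, ?)",
                     [(10, 0), (11, 0), (99, 1)])
    # User 10 manages both nodes; user 11 manages only node 1.
    conn.executemany("INSERT INTO ntw_node_manager VALUES (?, ?)",
                     [(10, 1), (10, 2), (11, 1)])
    conn.executemany("INSERT INTO article (id, title, node_id) VALUES (?, ?, ?)",
                     [(100, "Club news", 1), (200, "Thing manual", 2)])
    return conn

def user_may_edit_article(conn, user_id, article_id):
    """True only for superusers or managers of the article's node (default deny)."""
    row = conn.execute(
        """SELECT 1
             FROM article a
             JOIN auth_user u ON u.id = ?
             LEFT JOIN ntw_node_manager m
                    ON m.node_id = a.node_id AND m.user_id = u.id
            WHERE a.id = ?
              AND (u.is_superuser = 1 OR m.user_id IS NOT NULL)""",
        (user_id, article_id),
    ).fetchone()
    # Unknown users and unknown articles produce no row, so they are denied.
    return row is not None
```

In Django the join table corresponds to a `ManyToManyField` between the user model and `Node`, and the same membership test can sit inside `test_func`.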

Sebastian Jung

Mar 24, 2022, 3:25:20 PM
to django...@googlegroups.com
Hello Anne,

Authorization is automatically implemented in Django. You need a login page and, if applicable, a registration page.



This has nothing to do with a relationship from article to a User or a node.

Regards


Gabriel Araya Garcia

Mar 24, 2022, 7:11:19 PM
to django...@googlegroups.com
If you had implemented the authentication in your app, then I think it would be easier to develop other, more complex things. Remember that in Django you can give permissions to user groups.

Gabriel Araya Garcia
GMI - Desarrollo de Sistemas Informáticos



