I'm currently looking for an access control implementation in Django. I read about native resolution, but it does not care about the object. For example, I need permissions like "Only the creator can delete their own elements." So I read about the django guardian. Again, thinking about it, it can be difficult to handle and check if the restrictions have changed.
I am looking at the next popular rights management application called django-rules. This is similar to what I need. However, I believe that django rules require the participation of an instance of the model (hence the level of the object), if I require a simple representation, such as a "member area", it does not perform this function.
This made me think of using both contributions for the latter scenarios and django rules for the former. My question here is how easy it will be to manage both framework permissions. For example, I have different user groups. I am worried about overlapping scenarios in which the administrator added a certain permission in the administrator's system (to allow access to the view), believing that this is enough, but it turns out to be limited by the restrictions established by the rules.
I believe this is a common case, and I humbly seek your advice and guidance based on your experience.
goh
source share