Hierarchy permissions in Django
Please suggest me a better way. I am developing a Django application, you will have 3 types of users: administrator, reseller and user. They must have a hierarchy. The administrator can see everything. The dealer can see everything that his users have done. The user only sees what he has done.
How can I make these permissions using a hierarchy?
You can handle it in two ways:
- First solution (seems to be better in your case): using Django permission
This is where you will create groups, permissions and users. It is good practice to associate permissions with groups and then associate your users with groups. Thus, it is easy to change something in the future.
- Second solution: create 3 different profiles that inherit from the base User class. It will be harder to process thoughts.
I am working on something similar. Django has several on-line authorization issues. There are two projects that can achieve everything you ask for: django-permission and django-guardian . I needed smaller permissions and had to ride on my own.