Users, Profiles & other things - Part 4

Today we end this mini-series on User Types with using Django's Groups & Permissions models. By default Django creates four permissions for each model that is created (view, create, edit, delete). These permissions can either be assigned directly to a User or to a Group. There easily hook into limiting access to views with decorators & mixins as well has having the has_perm method on the User model to check permissions at other points in the code. By default Permissions only work at a table/model level, however third-party packages like django-guardian have extended this functionality to allow for row based permissions. Since Groups and Permissions are just plain models they can easily be created programmatically and other models can have relations to them.

All of these features mean it is possible to build a fairly complex permissioning system for access to various parts of your system. With object level permissioning you can create a system close to Google Drive's or Notion's concept of sharing documents

Showing a code example here doesn't make much sense since all these features available in the admin to begin playing with. The best place to learn more is to delve into the auth section of the docs

The only major disadvantage of this system is that Groups by default are not swappable (which could be seen as a good thing) so storing extra data that needs to be associated with a user type would require the solution from part 2 as well.