问题
Hello im new to django and im developing a software for stores, each store from a store chain has their own clients and payments. So there will be a role for a employee of an specific store (that do not need to know about others stores), and there will be a role for the administrator of the stores (who is not the admin of the system, is just another high level employee role) that needs to know about the payments of every store.
the model looks like this:
class Store(models.Model):
id = models.IntegerField(max_length=10, primary_key=True, default=0)
name = models.CharField(max_length=20)
def __unicode__(self):
return self.name
class Clients(models.Model):
store = models.ForeignKey(Store)
id = models.IntegerField(max_length=10, primary_key=True, default=0)
name = models.CharField(max_length=20)
last_name = models.CharField(max_length=20)
def __unicode__(self):
return self.last_name
class Payments(models.Model):
client = models.ForeignKey(Clients)
month_from = models.DateField(default='1111-01-01')
amount = models.IntegerField(default='0')
def __unicode__(self):
return self.month_from.strftime('%Y-%m-%d')
this is the client view:
@login_required(login_url='/')
def clients(request):
query_string = ''
found_entries = None
if ('q' in request.GET) and request.GET['q'].strip():
query_string = request.GET['q']
entry_query = get_query(query_string, ['id', 'name',])
print entry_query
found_entries = Clients.objects.filter(entry_query).order_by('id')
print found_entries
else:
found_entries = Clients.objects.all()
return render_to_response('clients.html', { 'query_string': query_string, 'found_entries': found_entries }, context_instance=RequestContext(request))
and in the html i display the list of clients like this:
{% if found_entries %}
{% for Clients in found_entries %}
{{ Clients.name }} {{ Clients.last_name }}
{% endfor %}
{% endif %}
for example an employee form store 1 do not need to know about clients of store 3, but needs to know about clients from store 1. And the administrator needs to know about every client from every store.
which is the best way of doing this? i've been searching about django-guardian, but dont know if i can work this out in a easy way with group permission.
Also i considered making the app individual for each store and create a second app that imports data from all the corresponding stores via web service using tastypie, that way is cleaner to scale.
来源:https://stackoverflow.com/questions/30134674/django-roles-authorization-architecture