I’m trying to implement object-based permissions with Django-Guardian, but find that I’ll likely need to make a couple hundred groups to make it work for my use. Is this okay?
I often only see examples with a couple groups, not hundreds, so I’m tempted to think I’m going about this in a wrong way.
I have a model named Zones, where I have 300 zones which represent geographic areas. I’m trying to make it so any users within their respective zone have elevated permissions, e.g. to edit that zone’s information.
I was hoping I could do something like this:
assign_perm('change_zone', zoneUserGroup, zoneObject)
where zoneObject would be based on the User’s zone field. This way I would only need 1 group.
But I see that this sort of dynamic isn’t possible, it has to be more explicit and hard-coded. It seems like I need to do a group for each object I want elevated permissions for.
assign_perm('change_zone', zoneUserGroup1, zone1) assign_perm('change_zone', zoneUserGroup2, zone2) assign_perm('change_zone', zoneUserGroup3, zone3) assign_perm('change_zone', zoneUserGroup4, zone4) ... ... ... assign_perm('change_zone', zoneUserGroup299, zone299) assign_perm('change_zone', zoneUserGroup300, zone300)
Does anyone know if I’m totally off the mark here, or is this actually the correct way to implement Object-based Permissions with Groups?