Is it okay to have 100's of Groups?

#1

I’m trying to implement object-based permissions with Django-Guardian, but find that I’ll likely need to make a couple hundred groups to make it work for my use. Is this okay?

I often only see examples with a couple groups, not hundreds, so I’m tempted to think I’m going about this in a wrong way.

E.g.

I have a model named Zones, where I have 300 zones which represent geographic areas. I’m trying to make it so any users within their respective zone have elevated permissions, e.g. to edit that zone’s information.

I was hoping I could do something like this:

assign_perm('change_zone', zoneUserGroup, zoneObject)

where zoneObject would be based on the User’s zone field. This way I would only need 1 group.

But I see that this sort of dynamic isn’t possible, it has to be more explicit and hard-coded. It seems like I need to do a group for each object I want elevated permissions for.

E.g.

assign_perm('change_zone', zoneUserGroup1, zone1)
assign_perm('change_zone', zoneUserGroup2, zone2)
assign_perm('change_zone', zoneUserGroup3, zone3)
assign_perm('change_zone', zoneUserGroup4, zone4)
...
...
...
assign_perm('change_zone', zoneUserGroup299, zone299)
assign_perm('change_zone', zoneUserGroup300, zone300)

Does anyone know if I’m totally off the mark here, or is this actually the correct way to implement Object-based Permissions with Groups?

0 Likes

#2

On reflection, I believe it’s better for me to just check the user’s zone field directly from the user model (like I was wanting to do with zoneObject in above code)

I guess I was a little confused as to what Django Guardian (and object permissions in general) was adding. But it seems like a lot of what I’m trying to do can actually be accomplished without explicit object-based permissions.

My apologies for the naive question.

1 Like