I'd like to use a permissions based system to restrict certain actions within my Django application. These actions need not be related to a particular model (e.g. access to sections in the application, searching…), so I can't use the stock permissions framework directly, because the Permission
model requires a reference to an installed content type.
I could write my own permission model but then I'd have to rewrite all the goodies included with the Django permissions, such as:
- The possibility to assign permissions to users and groups.
- The
permission_required
decorator. User.has_perm
and related user methods.- The
perms
template variable. - …
I've checked some apps like django-authority and django-guardian, but they seem to provide permissions even more coupled to the model system, by allowing per-object permissions.
Is there a way to reuse this framework without having defined any model (besides User
and Group
) for the project?
Best Answer
For those of you, who are still searching:
You can create an auxiliary model with no database table. That model can bring to your project any permission you need. There is no need to deal with ContentType or create Permission objects explicitly.
Right after
manage.py makemigrations
andmanage.py migrate
you can use these permissions like any other.