Web2py Access Control for multi-tenant system - python

I am developing a website which will be used as a multi-tenant system. It will be used by the members of multiple organizations. The pages in the system could be different for different organizations. I want to use web2py's inbuilt access control system. However, I am not able to figure out how I differentiate users as per the tenants. I cannot mention the tenant in auth_user, as a single user may have access to multiple tenants (in the case of a super admin). I also cannot mention it in the auth_group table for the same reason. What I think is that I can do it in the auth_permission table by mentioning the tenant in the name field of that table. Will that be a correct approach? Please suggest a solution if you have one.
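The approach the question proposes, tenant encoded in auth_permission.name, as an added example that is not part of the original post and not web2py code: it mirrors web2py's default auth_membership and auth_permission columns in an in-memory sqlite table so it runs without the framework. The "<tenant>:<action>" naming convention, the group and user ids, and the treatment of record_id 0 as table-wide are this example's own assumptions (web2py's exact record_id matching rules are not reproduced).

```python
import sqlite3

TENANT_SEP = ":"  # assumption: permission names follow "<tenant>:<action>"


def tenant_perm(tenant, action):
    """Build a tenant-scoped permission name.

    Both parts are validated so that a tenant string containing the separator
    cannot produce the same name as a different (tenant, action) pair.
    """
    for part in (tenant, action):
        if not part or TENANT_SEP in part:
            raise ValueError(f"invalid permission component: {part!r}")
    return f"{tenant}{TENANT_SEP}{action}"


def build_db():
    # Same column names as web2py's default auth tables, constructed here.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth_membership (user_id INTEGER, group_id INTEGER);
        CREATE TABLE auth_permission (group_id INTEGER, name TEXT,
                                      table_name TEXT, record_id INTEGER);
    """)
    return db


def add_membership(db, user_id, group_id):
    db.execute("INSERT INTO auth_membership VALUES (?, ?)", (user_id, group_id))


def add_permission(db, group_id, name, table_name, record_id=0):
    db.execute("INSERT INTO auth_permission VALUES (?, ?, ?, ?)",
               (group_id, name, table_name, record_id))


def has_permission(db, user_id, tenant, action, table_name, record_id=0):
    """Grant only if some group the user belongs to holds the exact
    (name, table_name) pair; record_id 0 on the stored row means table-wide
    (this example's convention). The name is compared with equality, never
    with a prefix match, so 'acme' can never satisfy 'acme-corp'."""
    name = tenant_perm(tenant, action)
    row = db.execute("""
        SELECT 1
        FROM auth_permission p
        JOIN auth_membership m ON m.group_id = p.group_id
        WHERE m.user_id = ? AND p.name = ? AND p.table_name = ?
          AND (p.record_id = 0 OR p.record_id = ?)
        LIMIT 1""", (user_id, name, table_name, record_id)).fetchone()
    return row is not None


def demo():
    """Constructed scenario: two tenants, one editor each, one super admin."""
    db = build_db()
    ACME_EDITORS, GLOBEX_EDITORS = 1, 2
    ALICE, BOB, ROOT = 10, 11, 12
    add_membership(db, ALICE, ACME_EDITORS)
    add_membership(db, BOB, GLOBEX_EDITORS)
    add_membership(db, ROOT, ACME_EDITORS)    # super admin: member of every
    add_membership(db, ROOT, GLOBEX_EDITORS)  # tenant's group
    add_permission(db, ACME_EDITORS, tenant_perm("acme", "edit"), "page")
    add_permission(db, GLOBEX_EDITORS, tenant_perm("globex", "edit"), "page")
    return {
        "alice_acme": has_permission(db, ALICE, "acme", "edit", "page"),
        "alice_globex": has_permission(db, ALICE, "globex", "edit", "page"),
        "root_both": has_permission(db, ROOT, "acme", "edit", "page")
                     and has_permission(db, ROOT, "globex", "edit", "page"),
    }


if __name__ == "__main__":
    print(demo())
```

The check keys only on the permission name, so which groups a user sits in is free to vary; a user who needs several tenants simply holds several memberships. The validation in tenant_perm is the part worth keeping: once the tenant is a substring of a free-text name column, every caller must build and compare that string the same way.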

Related

How does a django project use multiple databases with the same structure to read and write, distinguished by url

I have a django project and want to divide it into multiple databases with the same structure.
Use the URL to distinguish the databases. When the admin management page logs in, log in to a different database according to the URL.
For example: 127.0.0.1/admin uses the admin database, 127.0.0.1/admin2 uses the admin2 database.
Does django implement this function? What do I need to do? Can you give me some suggestions or ideas? Thank you very much.
TL;DR
As far as a single django project is concerned, there is no default way to achieve multiple databases.
Scenario 1
From your very limited explanation I will assume that you want to separate the data of one admin dashboard from the data of a second admin dashboard, to achieve data isolation with respect to permissions and other models; this is called multitenancy.
Very briefly: in a multitenant architecture you can have multiple tenants whose structure is defined by your models.py, and you can control all these tenants via a main superadmin. These tenants can have their own admin dashboard where the data stored in them is specific to their tenant users. In simpler terms, you can have a SaaS app with this method, where you have multiple organizations and these organizations have their own users with their specific permissions/groups.
Multitenancy can be achieved in django via a schema-separated database using PostgreSQL and this awesome package that has already done most of the heavy lifting for you. You can achieve separate logins via URL or subdomain. If your tenants have users who are part of more than one organisation and you want a single login for all of them, then you can use this package that goes along with django-tenants. It provides a public user table with permission modules separate for each tenant.
Scenario 2
From your very limited explanation I will assume that you still want separate databases for your app. In such a case you need to rethink your approach to the problem, because it is not something you will fancy after deployment as there is no direct way provided by django. Instead you should look into a micro-service architecture.

Implement Django oauth to 2 Different User Models

Is there any way to have Django oauth for 2 Different types of User Models?
I am working on a site which has Customer and Business, and both will have their separate logins. There is no information that they will have in common, and I really can't use a common db table for both.
We will be having different database tables for customers and businesses, and thus need different oauth tables. I couldn't find any way to accomplish it.
try django-role-permission
https://django-role-permissions.readthedocs.io/en/stable/
This has role-based permissions. If you go through the example, you will probably find exactly what you are looking for. Good luck.

Django: multiple accounts, with multiple users under each account, but account-specific data

Using Django 1.5 here. I have an application I've created that currently has one big set of data, for one "account" if you will. Meaning all the data in all the models in my application are available to all logged-in users. Now, I want to be able to allow more people to use my application but with their own set of data. So I need to separate users into different accounts with different sets of data for each account. There could potentially be one or multiple users that has access to each account. At this time I don't need different users within one account to have different levels of access though I do intend for one user to be the account "owner".
I know that to make this conversion, I of course need to add a field to every model with a foreign key to a new "account" model. But beyond that I'm a little foggy. This appears to be a square peg in the round hole of Django's auth system. So the question is, what is the best approach?
A few thoughts I had so far:
Simply filter each and every query by account
Wrap each and every view with a decorator, but with multiple models, do I have to create a different decorator for each model? Can I tell from within the decorator which model is being accessed?
Somehow make use of the Auth system's user_passes_test decorator, but again, different models.
Extend the auth system to include a request.account attribute
Create a new mixin for my views? What if I'm not using exclusively CBVs?
Different middleware?
I considered using a new group for each account and then filtering by group instead of a new account model but I predict that would be a poor fit in this situation, as it isn't using groups as they were intended.
This is less of a code question and more of a big-picture, best-practices question. How would you approach this?
What you request is not so exotic: this is called authority data. You separate your users into authorities, and each authority has its own data. For instance, you may have a number of departments in an organization; the data of each department can be edited only by members of the same department. I have already written a blog post with a simple approach to that using django:
http://spapas.github.io/2013/11/05/django-authoritiy-data/
To recap the post, I propose just adding an Authority model to which your User will have a ForeignKey (each User will have a Profile).
Now, all your Models whose data belongs to specific Authorities will just contain a ForeignKey to Authority. To check for the permissions you could use CBVs; the django admin will only be available to the central Administrators that have access to all the data. I recommend against using the django permissions for authorization of Authority data. If you want, read the post, which is much more detailed, and ask any questions here.
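The authority-scoped access the answer recommends, as an added example that is not code from the answer or the linked post: a profile row maps a user to an authority, every owned table carries an authority foreign key, and all reads and writes for the current user go through one scope object that appends the authority filter itself. This is what the question's "request.account attribute" or middleware idea would hand to a view. It uses the standard library's sqlite3 rather than Django models so it runs stand-alone; the table names, ids and the PermissionError convention are assumptions made for the example.

```python
import sqlite3


def build_db():
    """Constructed fixture: two authorities, one user and one document each."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE authority (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE profile  (user_id INTEGER PRIMARY KEY,
                               authority_id INTEGER REFERENCES authority(id));
        CREATE TABLE document (id INTEGER PRIMARY KEY,
                               authority_id INTEGER REFERENCES authority(id),
                               title TEXT);
        INSERT INTO authority VALUES (1, 'sales'), (2, 'legal');
        INSERT INTO profile   VALUES (100, 1), (200, 2);
        INSERT INTO document  VALUES (1, 1, 'Q3 pipeline'), (2, 2, 'NDA template');
    """)
    return db


class AuthorityScope:
    """All access to authority-owned rows goes through here, so a view
    cannot forget the filter. The object is built once per request from
    the logged-in user's profile (see scope_for_user)."""

    def __init__(self, db, authority_id):
        self.db = db
        self.authority_id = authority_id

    def list_documents(self):
        return [r[0] for r in self.db.execute(
            "SELECT title FROM document WHERE authority_id = ? ORDER BY id",
            (self.authority_id,))]

    def get_document(self, doc_id):
        # Filtered by id AND authority: a guessed id belonging to another
        # authority yields None, indistinguishable from "does not exist".
        return self.db.execute(
            "SELECT id, title FROM document WHERE id = ? AND authority_id = ?",
            (doc_id, self.authority_id)).fetchone()

    def update_title(self, doc_id, title):
        cur = self.db.execute(
            "UPDATE document SET title = ? WHERE id = ? AND authority_id = ?",
            (title, doc_id, self.authority_id))
        return cur.rowcount == 1   # False: not found or not ours, same answer


def unscoped_get(db, doc_id):
    """The bug the question is worried about: a lookup by primary key alone,
    which lets any logged-in user read any authority's row by guessing an id."""
    return db.execute("SELECT id, title FROM document WHERE id = ?",
                      (doc_id,)).fetchone()


def scope_for_user(db, user_id):
    """What a middleware would attach to the request after authentication."""
    row = db.execute("SELECT authority_id FROM profile WHERE user_id = ?",
                     (user_id,)).fetchone()
    if row is None:
        raise PermissionError(f"user {user_id} has no authority")
    return AuthorityScope(db, row[0])


def demo():
    db = build_db()
    sales = scope_for_user(db, 100)          # user 100 belongs to 'sales'
    return {
        "sales_list": sales.list_documents(),
        "unscoped_leak": unscoped_get(db, 2) is not None,  # legal's doc leaks
        "scoped_get": sales.get_document(2),               # None
        "scoped_update": sales.update_title(2, "pwned"),   # False, 0 rows
        "own_update": sales.update_title(1, "Q3 pipeline v2"),
    }


if __name__ == "__main__":
    print(demo())
```

The write path matters as much as the read path: an UPDATE that filters only on id would let a user of one authority overwrite another's row even if every page that displays rows is filtered correctly. Putting the authority predicate inside the scope object, rather than in each view, is the cheapest way to make that mistake impossible.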

Django-guardian on DB with shared (non-exclusive) access

I am developing a Django app being a Web frontend to some Oracle database with another local DB keeping app's data such as Guardian permissions. The problem is that it can be modified from different places that I don't have control of.
Let's say we have 3 models: User, Thesis and UserThesis.
UserThesis - a table specifying relationship between Thesis and User (User being co-author of Thesis)
Scenario:
User is removed as an author of Thesis by removing entry in UserThesis table by some other app.
User tries to modify Thesis using our Django app. And he succeeds, because Guardian and Django do not know about change in UserThesis.
I thought about some solutions:
Having some cron job look for changes in UserThesis by checking the modification date of entry. Easy to check for additions, removals would require looking on all relationships again.
Modifying Oracle DB schema to add Guardian DB tables and creating triggers on UserThesis table. I wouldn't like to do this, because of Oracle DB being shared among number of different apps.
Manually checking for relationship in views and templates (heavier load on Oracle).
Which one is the best? Any other ideas?
I decided to go with manually checking the permissions, caching it whenever I can. I ended up with get_perms_from_cache(self, user) model method which helps me a lot.
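The approach the answer settled on, permissions derived from the authoritative UserThesis relationship and cached with a bounded lifetime, as an added example that is not the answer's own get_perms_from_cache code: the table name user_thesis, the permission codenames, the TTL and the injected clock are assumptions made so the example runs on sqlite without Django or django-guardian. It shows the window the question describes (an author removed by another application keeps a cached grant until the entry expires) and a fresh re-check for the write path.

```python
import sqlite3
import time


class ThesisPerms:
    """Permissions computed from the shared user_thesis table, which other
    applications may change behind our back, cached per (user, thesis)
    for at most `ttl` seconds. `clock` is injectable so the staleness
    window can be exercised deterministically."""

    def __init__(self, db, ttl=60.0, clock=time.monotonic):
        self.db, self.ttl, self.clock = db, ttl, clock
        self._cache = {}   # (user_id, thesis_id) -> (expires_at, perms)

    def _load(self, user_id, thesis_id):
        # The relationship row is the only source of truth: co-authors may
        # view and change, everyone else gets nothing.
        row = self.db.execute(
            "SELECT 1 FROM user_thesis WHERE user_id = ? AND thesis_id = ?",
            (user_id, thesis_id)).fetchone()
        return frozenset({"view_thesis", "change_thesis"}) if row else frozenset()

    def get_perms_from_cache(self, user_id, thesis_id):
        """Cheap path for reads: serve a cached answer until it expires."""
        key = (user_id, thesis_id)
        now = self.clock()
        hit = self._cache.get(key)
        if hit is not None and hit[0] > now:
            return hit[1]
        perms = self._load(user_id, thesis_id)
        self._cache[key] = (now + self.ttl, perms)
        return perms

    def get_perms_fresh(self, user_id, thesis_id):
        """Bypass the cache for writes, where a stale grant costs the most;
        the fresh answer replaces the cached one."""
        perms = self._load(user_id, thesis_id)
        self._cache[(user_id, thesis_id)] = (self.clock() + self.ttl, perms)
        return perms

    def invalidate(self, user_id, thesis_id):
        """Call this when our own app changes the relationship."""
        self._cache.pop((user_id, thesis_id), None)


class FakeClock:
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def demo():
    """Constructed scenario: user 7 is co-author of thesis 42, then removed
    by another application that does not know about our cache."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_thesis (user_id INTEGER, thesis_id INTEGER);
        INSERT INTO user_thesis VALUES (7, 42);
    """)
    clock = FakeClock()
    perms = ThesisPerms(db, ttl=60.0, clock=clock)
    granted_before = "change_thesis" in perms.get_perms_from_cache(7, 42)
    db.execute("DELETE FROM user_thesis WHERE user_id = 7 AND thesis_id = 42")
    clock.t = 10.0
    granted_during_ttl = "change_thesis" in perms.get_perms_from_cache(7, 42)
    granted_fresh = "change_thesis" in perms.get_perms_fresh(7, 42)
    clock.t = 200.0
    granted_after_ttl = "change_thesis" in perms.get_perms_from_cache(7, 42)
    return {
        "granted_before": granted_before,
        "granted_during_ttl": granted_during_ttl,   # the stale window
        "granted_fresh": granted_fresh,
        "granted_after_ttl": granted_after_ttl,
    }


if __name__ == "__main__":
    print(demo())
```

The TTL is the maximum time a revoked co-author can keep acting on a thesis through cached reads, so it should be chosen as a policy decision, not a performance one; the fresh check on writes closes the window for the operation that actually modifies data.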

Storing/Retrieving/Editing project specific data with Django

I'm new to Django and I'm working on the public website for a small company.
I'm facing an issue that I guess has already been encountered by lots of django noobs, but I can't manage to find a good solution.
My problem is that there is some information (contact address, office phone number, company description...) that I use in nearly all of my views and that is by nature unique (understand: a database table with only 1 row). I currently store this information as a model in my database, but I find it a bit weird to issue an additional database request each time (each view) I need to access it. However, I need my client to be able to edit this information (through the admin interface).
So, please, is there a django idiom to handle such a use case?
Thanks in advance.
If you look into caching solutions, they will probably do what you need.
The general queryset caching solution I use is johnny-cache, but for what you need, you can probably just load it from the db and store it in the cache.
What you want to do is use select_related('contact_profile','office_data') etc when you query the items in your view, and in the admin, instead of registering all the data separately just use the InlineAdmin class for the Admin site and you will be able to edit all the information as if it was a single entity.
Check out the django docs for more information.
