Follow

Is there a best practice on how to implement field level permissions in Django 2?

I need specific user groups to have read-only access to certain fields in a model instance.

Other user groups shall be able to modify all fields of the model instances.

I'm happy about any hints :)

@morre maybe you could create model level a permission that you can use as an indicator to which set of fields the group can edit ?

E.g: modelname_edit_all_fields and modelname_edit_restricted_fields

And use this in your view or form to perform your checks?

(It only works if you don't need distinct restricted fields per group or user though)

docs.djangoproject.com/fr/2.2/

@morre if you need the list of editable fields to be dynamic, another approach is to encode the list of editable fields in the permission name, e.g:

modelname_editable_fields:title,cdate

And use this in your form to dynamically exclude some fields in the init?

@morre You might want to consider even object level access control? We have good experience with github.com/django-guardian/dja

Sign in to participate in the conversation
chaos.social

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!