`django.contrib.auth` has `User` and `Group` models. I’m using the `User` model for my users, and the `Group` model to manage their broad permissions (access to admin site, access logs, etc).

I also have my own `Client` model (representing a business client corporate entity). Let’s say I’m going to have many clients, and I don’t want them to see each other’s data.

Do I:

- Create foreign keys in the data models pointing to the `Client`, extend the `User` model with a foreign key to the `Client` and check that the `User` and the data models both point to the same `Client` before allowing data access?
- Extend the data models to point to the `Group`, and check that the `User` and data models point to the same `Group` before allowing data access?
- 1-to-1 relationship between `User` and `UserProfile`, and then foreign key from `UserProfile` to `Client`?
- Something else?

My preference is to avoid extending anything in `django.contrib.auth` because it’s probably going to break upgrades and middleware.