How to segregate data between user groups in Django?

django.contrib.auth has User and Group models. I’m using the User model for my users, and the Group model to manage their broad permissions (access to admin site, access logs, etc).

I also have my own Client model (representing a business client corporate entity). Let’s say I’m going to have many clients, and I don’t want them to see each other’s data.

Do I:

  • Create foreign keys in the data models pointing to the Client, extend the User model with a foreign key to the Client and check that the User and the data models both point to the same Client before allowing data access?
  • Extend the data models to point to the Group, and check that the User and data models point to the same Group beforing allowing data access?
  • 1-to-1 relationship between User and UserProfile, and then foreign key from UserProfile to Client?
  • Something else?

My preference is to avoid extending anything in django.contrib.auth because it’s probably going to break upgrades and middleware.

Trả lời

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *