go-guardian | golang library | Authentication library

I have two Django Models of the form:

I have an app with model hierarchy in which I need underlying objects to have the same permissions as the parent object (not only their definitions/codenames, but also per-user and per-group rights).

Django-guardian seems to have only functions allowing to check for specific user/group permissions.

Is there any canonical approach to clone all the permissions from one object to another or force the inheritance?

I want some advice on choosing right package in a REST Api django project

For authentication:Which one of below I should choose ?

django-oauth-toolkit: seems to be the most robust and recommended oauth library for DRF. This do not have account management. How can i implement account management with this package? If yes, can I get some guide.

django-rest-auth: API endpoints for authentication, and basic account management for DRF. But seems not as robust as django-oauth as django-oauth allows token expiery etc. or i am missing some feature of rest-auth

For authorisation: I will be going for django-guardian over django-role-permission. Later seems more like back end utility to control user roles.

My deep desire is to use oauth-toolkit but it does not have basic user management. On the contrary rest-auth has user management but lacks (seems to be) roubustness of oauth.

Please help me make a choice.

I have a ListView as follows, enabling me to loop over two models (Market and ScenarioMarket) in a template:

I'm creating a Django project to help people run clubs and community groups. I'm new to Django and I can think of lots of different ways to add users to clubs and manage permissions, but it's not clear what the right way to do it is.

I have a "Club" model and a "Team" model. A club can have many teams, and members of a club may or may not be members of a team, but a user must be a member of the club in order to join the team. There will also be various permissions around what a club/team member can and cannot do (and what a club/team administrator can do)

My current plan for managing membership is to create "ClubMembership" and "TeamMembership" models and create the relationships using ManyToManyField.through, as demonstrated here: https://docs.djangoproject.com/en/2.2/ref/models/fields/#django.db.models.ManyToManyField.through

For permissions, it looks like I should use django-guardian and set permissions when people join/leave a club/team. Would it make sense to also have a "members" foreign key to django.contrib.auth.models.Group in my club/team models to keep track of this?

It feels like I'm doubling up in some areas by having membership managed by membership models and then also using groups to set permissions. Is there a better way to approach this, or anything I should modify/consider?

Whats the difference between DjangoModelPermissions and DjangoObjectPermissions?

I'm still learning Django and DRF and according to the docs, they seems to do exactly the same thing.

DjangoModelPermissions: This permission class ties into Django's standard django.contrib.auth model permissions.

DjangoObjectPermissions This permission class ties into Django's standard object permissions framework that allows per-object permissions on models

For the later, it seems like it has something to do with Django’s permission framework foundation which has no implementation. and apparently, django-guardian fills in this gap.

In Django admin, I'm able to assign a Model's CRUD permission to users and groups, so what does the later add?

I'm trying to wrap my head around this permission system. What are the differences and what should I know about them?

I'm using a 'Task' Model to create operations/administrative tasks in my dashboard. Each task has an assignee, and a reviewer. The assignee completes the task by passing several checks, and the reviewer verifies their work, both of these require each user to edit a check, but neither user should be able to access or modify the other's result.

If the assignee views the Task (with checks inline), they should only be able to modify the "result" and "comment" elements of the check, where as the reviewer can only edit the "review_result" and "reviewer_comment" elements.

To validate this I need to use the fact that given a check, the current user editing the page is equal to check.task.assignee or check.task.reviewer.

I cannot find a simple way to do this, even using django-guardian, as this requires field-level permissions, rather than object level. I considered using modelForm validation, but cannot find a way to access the user from within the model with some hacks such as django-cuser.

Is there another architecture which would allow this? The only way forward that I can see is to use django-guardian combined with two checks, a check and a checkReview, and set object level permissions as the assignee and reviewer are chosen.

I am building an API using Django Rest Framework for my car-sharing app. I want to let not owner users to have access to update "participants" field in race, so they can join. Other fields should be available only to owner. I was reading about django-guardian, but i don't realy understand how to implement it. Here's my model:

I have a field on a Company called leave_approvers which is a ManyToManyField to Users.

The leave_approvers can approve leave of other users in the company they are a leave approver for. They also receive an email when leave is requested.

I would now like to show or hide the Approve Leave tab in the main layout based on whether the user is a leave_approver.

1. Is the decision to have a leave_approver field flawed as I should be using the built in authorisation or something like django-guardian. Note that I am sending an email to the leave_approvers and that would mean

2. Can I just make a query in the base.html to check if a user is a leave_approver. How can this be done and surely there is a performance hit?