Support multiple roles about django-role-permissions HOT 17 CLOSED

+1 for multiple roles support.

Not my use case but I think a good example in support of multiple rules. In a school environment I can see a user playing several of these roles.

Roles:
Principal, Teacher, Teacher Assistant, Admin Staff, Staff, Student

from django-role-permissions.

This is up on PyPI as version 2.0.0.
Thanks very much for everyone's contributions, and @kavdev for the PR.

from django-role-permissions.

Yes, the app was though for a role per user. In most scenarios this works well and you can manage more specific stuff using permissions.
When you assign a role to a user you can still change it's permissions, so it's a very flexible approach.

Could you tell me more about your use case?

You are welcome to propose a new interface to allow a user having multiple roles. Please send some examples on how you think we should do it. Keep in mind we have to keep the current interface working so other apps don't break. But if your approach is much better than the current one, we may even make breaking changes and release it as version 2.0.

from django-role-permissions.

I'm not currently using django-role-permissions, but have it in mind for a couple projects I'd like to replace at work and was initially put off by the lack support for multiple roles.

All of our current systems allow multiple roles be assigned to a single user. We have situations such as:

1. "Reviewer" role has edit access to all objects of model A, but only in certain states
2. "Read Only" role has view access to all objects of model A, in all states
3. Some reviewers are granted the read-only role as well.

It would be possible to create a third role, reviewer_with_readonly, but I think this approach would result in a lot of duplication (permissions within roles, role checking in views, etc)

from django-role-permissions.

If you have a site with multiple apps where different users have different roles in each app, it would be very convenient to be able to assign roles. One such use case could be a site with the following apps and their respective roles:
News: news_publisher, news_reviewer
Articles: article_publisher, article_reviewer
Forum: forum_admin, forum_moderator
Mail-list: maillist_admin, maillist_publisher

If users are allowed to have different roles in different apps, then it would result in a lot of duplication to cover each possible set of roles.

from django-role-permissions.

+1 also from me.
My use case is that I have multiple roles with not overlapping permissions ("forum admin", "chat admin", "site staff", etc.) and I want to assign many roles to the same user and not create superset of permissions.

I might be able update the code by myself, but I would like some hints about what I should take in account.
My idea was to modify assign_role_to_user in a way that I can preserve the previous assigned roles

@classmethod
    def assign_role_to_user(cls, user, remove_previos_roles=True):
        """
        Deletes all of user's previous roles, and removes all permissions
        mentioned in their available_permissions property.
        :returns: :py:class:`django.contrib.auth.models.Group` The group for the
            new role.
        """
        if remove_previos_roles:
            from rolepermissions.shortcuts import remove_role
            remove_role(user)

is this enough or should i take in account something else I am missing?

from django-role-permissions.

@giocalitri it should take a little more than that. Many functions assume a single role, we will need to change the way we check for roles and permissions.

from django-role-permissions.

@filipeximenes I understand. I might still be able make the work if I have a clear list of what I need to modify.

Sorry for putting pressure, but I have a strict deadline and if this does not work for you I need to move on and find another solution.

from django-role-permissions.

@giocalitri You will need to check on all functions in these files:

https://github.com/vintasoftware/django-role-permissions/blob/master/rolepermissions/verifications.py

https://github.com/vintasoftware/django-role-permissions/blob/master/rolepermissions/shortcuts.py

Some notes:

• remove_role will need to receive the name of the role
• We will need a function to remove ALL roles at once
• Be careful on grant_permission and revoke_permission as they will need to check if the permission is available in any of the roles
• Make sure you keep all the existing tests and add new ones for every function considering the possibility of multiple roles
• We will need to update all the docs
• This will be released as version 2.0

from django-role-permissions.

@filipeximenes Thanks for the input.
I will start to work on this from, likely, tomorrow.
I plan to have a PR by the end of next week (if there are no complications).

When do you plan to release 2.0?

from django-role-permissions.

@giocalitri As soon as we meet all the requirements for a stable release (a.k.a. do everything in the notes above :P)

from django-role-permissions.

@filipeximenes Great!
I am sure I will have some other questions: is this issue a good way to discuss?

from django-role-permissions.

Yes, this way everyone can participate.

from django-role-permissions.

@filipeximenes Was there any progress on this? According to the docs, there is still no support of multiple roles per user.

from django-role-permissions.

@bartonaz I haven't heard from @giocalitri so far

from django-role-permissions.

@filipeximenes @bartonaz @giocalitri: Luckily my work needs this, so if nothing comes up, I should be able to get a PR in by the end of the week.

• def remove_role(user, role)
• def clear_roles(user)
• Assign role should no longer clear roles
• Update associated permissions functions
• Tests

from django-role-permissions.

@kavdev Well done! I have also implemented a similar functionality. You might want to take a look here and maybe include some of the features in your branch.

from django-role-permissions.