2022-06-29, 16:00–16:20, Hall 3
Taking the traditional Django groups and permissions to the next level by adding a layer and using an access endpoint pattern approach to provide scalability, flexibility and wider control over authenticated users' access.
Django comes with a built-in permissions system with view, add, change, and delete permissions, as well as the ability to add other permissions as one might wish (even if with weird and uninformative names that no one will eventually use).
One question remains, though: is it the right approach when building a big Django application that contains a lot of different authorization groups?
This talk is more of a case study dedicated to the challenges (and solutions) we had at Bluevine around this exact question.
At Bluevine we faced many difficulties enforcing authorization with the traditional Django authorization system, for several reasons:

* Incompatibilities and different users with different sets of permissions, due to the lack of restrictions around the Django auth user model.
* Inability to grant limited permissions to different models.

The above are just a few of these difficulties.
In this talk, we'll discuss the above and other difficulties, as well as our solutions.
Hint - we refreshed the Django permission mechanism by adding a role layer, changing permissions, and more.