Permission management recommendations?

Hi everyone, I need some advice about this ...

We have a specific configuration of permissions in the database for certain levels of control that the user can have over the application. Disabled, ReadOnly, and Edit.

My question is: are there more general / better ways to handle the permissions applied to the form element on the page than writing a protection / check method on the page to enable / disable / hide / show the corresponding controls depending on the permissions?

Does anyone have any experience with this in different ways?

Edit:

I just thought about the possibility of adding constants for each level that needs security, and then adding an IsAuthorized function to the user class, which will take a constant from the form in which the control is located and return a boolean value to enable / disable the controls. This really would reduce the number of places I would have to hit if / when I ever need to change security for all forms.

Hooray!

+3
4 answers

Sorry for being a little off topic, but learn from my mistake:

-, , , 3 : (), (), - (admin), , ... . , , , .

, , . .

+3

, , .

  • / -
  • Blanked/System/Unchanged - - - -
  • ReadOnly/Editable -
  • /Blank/ - , , ,

,

  • - 1 ,
  • - , , , ,
  • - , , ,
  • - ,
  • - , ,

? -, , , . .

  • , , , , "" ,
  • , , , ,
  • , ,
  • ,
  • -, ,
  • , .
  • ,
+2

, django forms . , , , , . , /readonly/ .

, . , . , .

+2

, , : NONE, VIEW, REQUIRED, EDIT.

, REQUIRED , , , EDIT ( , ) , REQUIRED ( ).

:

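/* The enclosing enum, field and constructor are added so the fragment compiles.
 * The name FieldPermission is a placeholder; the original does not give one. */
public enum FieldPermission {

    /** NO permissions.
     *     Presentation: "hidden"
     *     Database: "no access"
     */
    NONE(0),

    /** VIEW permissions.
     *     Presentation: "read-only"
     *     Database: "read access"
     */
    VIEW(1),

    /** VIEW and POPULATE permissions.
     *     Presentation: "required/highlighted"
     *     Database: "non-null"
     */
    REQUIRED(2),

    /** VIEW, POPULATE, and DEPOPULATE permissions.
     *     Presentation: "editable"
     *     Database: "nullable"
     */
    EDIT(3);

    /** Numeric rank of the level, so that levels can be compared. */
    private final int level;

    FieldPermission(int level) { this.level = level; }

    public int getLevel() { return level; }
}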

( ) . ( ) (- + ). , ( ) .

: , . , , - . , , . , , , , , , .

:

1) ( NONE) (VIEW).

2) , - , .

3) "" ( ), , "" ( ).

. ( ) , - "if".

, , . , .

( . : )

0
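An added example, not part of the original question or answers: the four levels from the last answer drive both the form-control state and the server-side write check from a single enum, so the presentation and database rules cannot drift apart. The names FieldAccessDemo, FieldAccess, controlState and checkWrite, the sample field names, and treating an empty string as a cleared value are assumptions made for illustration.

```java
import java.util.Map;

public class FieldAccessDemo {
    /** The four levels from the answer above; the ranks match its constants. */
    enum FieldAccess {
        NONE(0), VIEW(1), REQUIRED(2), EDIT(3);
        final int rank;
        FieldAccess(int rank) { this.rank = rank; }

        /** Presentation: the state the form control should be rendered in. */
        String controlState() {
            switch (this) {
                case NONE:     return "hidden";
                case VIEW:     return "read-only";
                case REQUIRED: return "required";
                default:       return "editable";
            }
        }

        /** Database side: re-check every submitted value on the server, because
         *  hiding or disabling a control does not stop a request that sets it. */
        void checkWrite(String field, String oldValue, String newValue) {
            boolean changed = oldValue == null ? newValue != null : !oldValue.equals(newValue);
            if (!changed) return;
            if (rank < REQUIRED.rank)
                throw new SecurityException(field + ": write denied at level " + this);
            // Assumption: an empty string counts as "depopulated", like null.
            if (this == REQUIRED && (newValue == null || newValue.isEmpty()))
                throw new IllegalArgumentException(field + ": value may not be cleared");
        }
    }

    public static void main(String[] args) {
        // Constructed sample policy for one user on one form (hypothetical field names).
        Map<String, FieldAccess> policy = Map.of(
            "salary", FieldAccess.NONE, "email", FieldAccess.REQUIRED, "nickname", FieldAccess.EDIT);
        policy.forEach((f, a) -> System.out.println(f + " -> " + a.controlState()));

        policy.get("nickname").checkWrite("nickname", "bob", null);        // allowed: EDIT may clear
        try {   // submitted value for a field the form rendered as hidden
            policy.get("salary").checkWrite("salary", "1000", "9000");
        } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        try {   // REQUIRED may populate but not depopulate
            policy.get("email").checkWrite("email", "a@example.com", "");
        } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```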

Source: https://habr.com/ru/post/1699300/

