Wrapping my head around Permissions Reference

Question

Wrapping my head around Permissions Reference

premudeshi opened this issue a year ago · 5 comments

Hello,

I am trying to wrap my head around the permissions reference, but I am having hard time implementing it.

I have created custom permissions for my models. How do I give users that specific permission, but I want to give the user the permission only in a specific tenant, not across all tenants.

How would I implement this?

Thanks.

Answer 1 · 2024-01-18T21:09:41.000Z

With django.contrib.auth being in the TENANT_APPS section, each tenant will have it's own Permissions objects in that given schema. Basically we shim the permissions system via PermissionsMixinFacade in UserProfile. This allows us to keep the User info global (via shared) and Permissions segmented to each tenant.

To specifically answer your question, doing ~~user.user_permissions.add(permission)~~ user.usertenantpermissions.user_permissions.add(permission) (or adding via Django Admin) will create a Permission object in the active tenant schema, and then since we shim methods, doing things like user.get_all_permissions() will give the permissions for that tenant.

There's a little more to it than that, but hopefully should get you started.

Answer 2 · 2024-01-18T21:56:33.000Z

Thats how I understood it, however using the same lines that you are using, I get 'TenantUser' object has no attribute 'user_permissions'.
Here is my user model:

class TenantUser(UserProfile):
    first_name = models.CharField(max_length=100, null=True)
    last_name = models.CharField(max_length=100, null=True)
    # profile_image = models.URLField(null=True, blank=True)
    profile_image = models.TextField(null=True, blank=True)

And my Settings File:

SHARED_APPS = [
    'users', #my TenantUser is stored here
    'django_tenants',
    "tenant_users.tenants",
    "tenant_users.permissions",
    'gateway', #my Tenant model is stored here
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',....
]

TENANT_APPS = ['django.contrib.auth', "tenant_users.permissions", 'django.contrib.contenttypes', ... ]

What am I doing incorrectly? Even in Admin, I don't see the permission selector, I don't even have user groups.

Answer 3 · 2024-01-18T22:44:41.000Z

Big typo on my other comment. It should have been user.usertenantpermissions.user_permissions.add(permission) as the UserTenantPermissions extends Django's PermissionsMixin.

Since permissions are anchored to the UserTenantPermissions object, you won't see them in your TenantUser model, unless you explicitly add it, like by using an Inline.

You should see the Permissions and Groups under the section "Permissions" (the app name) and model "User tenant permissionss" (yeah, there's a typo there)

Answer 4 · 2024-01-29T19:05:32.000Z

Did you get this to work @premudeshi? Perhaps we can extend the docs with some examples of managing Permissions within TenantA vs TenantB. Would that be beneficial?

Answer 5 · 2024-02-01T19:48:00.000Z

Oop. I thought I closed this. Yes That worked. I think adding more documentation would help newbies like me :)