What is django-teamwork?¶
django-teamwork is a Django app that offers an authorization backend with support for per-object permissions based on combinations of Teams, Roles, and Policies.
This app was born out of Kuma, the Django-based wiki / CMS that powers the Mozilla Developer Network. MDN hosts a large body of documentation, with pages arranged into a tree of sections and sub-sections. These site sections are each managed by different teams and people, whom in turn have their own requirements for controlling access to read and alter content.
So, django-teamwork was created to provide per-object and per-section flexibility for controlling permissions granted by content objects. Here are some highlights:
- Teams can be given ownership of content Objects
- Teams offer Roles that, when assigned to Users, grant selected Privileges for team-owned content objects
- Independent of Teams and Roles, Policies can be set on content objects that
grant Permissions based on criteria such as:
- whether a User is anonymous or authenticated;
- whether the User owns the object;
- or by matching specific Users and Groups.
- Policies can be set on a Site objects to apply site-wide
- Policies can be specified in
settings.pyto establish a base set of Permissions for the entire installation.
- Content objects can optionally filter the set of Permissions granted by Teams, Roles, and Policies to add or remove Permissions based on custom model logic.
- Content objects with a hierarchical tree structure can optionally offer a list of parents. This is used to implement inheritance for Team ownership and Policy application, so that Permissions cascade down the content tree.