I am building an e-learning platform using Django and as part of the platform one can buy online courses.
For each course I have a manytomany field of users and every time a user purchases a course I add them to the field.
Is this a good approach to give users access to the course? What would your approach be in this case?
Yes, it's the way I would go for it.
With such solution you can extend your manytomany table with fields like expiration date (so the users buy temporary access to the course), something like scope (so limit the user to just a part of a course) and you can e.g. group courses into packets and allow users to buy all of them.
Related
I'm working with Flask-restplus and I am at a point where I would like to associate each User in my user model to a type of profile, where each user can be associated with one or many profile types. I'm wondering how you guys would go about this. So far, here's what I'm thinking/planning to do. NOTE: I'm not very experienced in web development, so there's a chance I don't know the best way to accomplish this.
Step 1: Create a one-to-many (clients need to also be employees, see below) field (profile_types) relating to a static table that just lists all possible profile options. EXAMPLE:
PK PROFILE TYPE
1 provider
2 employee
3 client
.....
The idea here is to track different information and allow for different views/endpoints for users who are tied to certain profile types. Example, employees would provide a valid login authentication and be directed to page A while a client would be directed to page B, etc. We're also planning on collecting different data points within each profile model.
So an instance of a user might look like this, user1.profile == [client, employee'].
NOTE: This is more important for data collection (ie age of employee, start date, etc) than it is for creating directives based on permissions.
Step 2: Upon creating the new user, a signal fires off the creation of a profile based on the profile_types supplied to the user instance. I've used signals with django in the past, is there a signal library for Flask?
Step 3: An empty profile instance(s) now exists for that user. It will be up to a superuser to upload data in bulk or manually fill out profile information.
Is this a sensible way to go about this? My other though is to create a bunch of Boolean fields in the User model is_provider, is_employee, is_client, etc. All fields that are True get assigned a profile instance. What's the best way to go about this?
Thanks everyone!
Seeing that are you try to validate multiple profile types, you may use
if user.profile_type in ['employee', 'client']
Now, if you want to add an super user I think you can use this
if user.profile_type in ['employee', 'client'] and user.profile_type == 'superuser'
Now, you relationship is more like 'many-to-many', because you are saying that an client also needs to be an employee, if you mean that some endpoints needs to be accessible for employees and clients, then you need to use a 'many-to-one' relationship (an Stackoverflow question which explains what is that)
For your instances, there is Flask Marshmallow, which has an amazing compatibility with Flask SQLAlchemy if you are using an database, but Flask Marshmallow can work alone.
In a Django Application, I have a model called application.py which is created by a user say "u". I want to list all the application created by the user "u" later, so i may need to add a reference to the model application.py from user.py.
I have one more requirement , as an admin , i need to provide access to any number of users to the same applications. So I assume this can be done with many to many relation.(Since users can access many applications).
Now the question is , is it possible to implement this behavior with user groups ,with one group is responsible for handling one application, so that in a later point of time i can add as many users as needed from the backend to respective groups to manage the same application.?
Which one is better , managing the users using many to many relation with model application.py or relating a group to application.py
and managing users using groups.
There are multiple ways to solve this, but it from a future flexibility point of view this sounds like a Role, Permission and Group relationship:
Applications have a many-to-many relationship to Users through a Membership.
Each membership would point to a Role. That could be hard-coded to start with (just a string like 'admin' or 'viewer').
This way a User can be associated to an Application as viewer or as an admin.
In the future, to add flexibility, you would have a model Role that describes the role (and could be associated to one or more Permission models to list the permissions for each role). So Membership would have a pointer to Role via a ForeignKey.
Check the documentation on extra fields on a many-to-many relationship.
There are also packages that solve this problem, e.g. django-permissions and django-role-permission
I'm having a SaaS application which needs a main user (like the owner of the business who would use the SaaS) to be the admin of that particular tenancy. Now the main user needs of have multiple sub users (like a user looking for sales, other for purchase, etc).
Now my question is single level tenancy is possible in Django. How can I do the second one?
Any help will be highly appreciated.
You need to look at foreign key based fields in particular the many to many field. You can then use manytomany through a role object which captures information about roles i.e.
See the django docs for excellent examples
I'm a novice in Django (but an experienced developer), and I'm starting to build my first Django project.
The project is really simple: a website where people can join events. An administrator sets an sports event, chooses the date, the kind of event (running, tennis match, bycicle ride), etc, and users can join it.
My problem is that the events can have very different data inside, depending on his category. For example, if it's a two-people team tennis match, an users should enter his name and his teammate name, their team name, etc. If the event is a bycicle ride, he can choose if he wants the difficult or the easy route, etc.
I know I can create a big model with all the attributes for every kind of event, but this is a really ugly design... There should be a common table for all registrations, with a link to the event and the basic and common data (name, address, phone, email, etc), but I don't know how to handle the specific data for each sport/event category... Any idea about how to organize this in Django models? Maybe adding a simple (key, inscription_id, type, value) table? And then, how can I render the form?
I believe what you suggested is called Entity-attribute-value model
http://en.wikipedia.org/wiki/Entity%E2%80%93attribute%E2%80%93value_model
I think there could be a good argument for keeping all data belonging to your events defined inside of a model instead of through a related generic EAV table.
To do this you could use one of django's polymorphic libraries. I have used django-model-utils' InheritanceManager in production. There are quite a few libraries including django-polymorphic.
Taking an inhertance based approach you might define a single Event model or Sport model. A sport might have a name, league, etc. All Events might have a start date and end date and sport.
Using this approach you can defined foriegn keys from your registrations to the base Event class and use djangos built in ORM to select all events or registrations of certain types, without having the additional application logic/object inspection/ property inspection of taking an EAV approach!
You can store all additional data in Text field using JSON object or other serializer.
Take look at django-jsonfield
I'm writing a web app, and I'd like to use repoze.what & repoze.who to handle my authorisation & authentication. The problem is that repoze.what seems to be hard-coded to accept a certain permissions model, that is:
Visitors to the site are either a logged in user, or anonymous.
User accounts belong to 0 or more groups.
Groups have 0 or more permissions associated with them.
So, for example, your permissions might be 'can-post-article' and 'can-post-comment', and your groups might be 'author', 'visitor', where 'author' can both post articles & post comments, while visitors can only post comments.
That model probably works for most sites. However, my site allows teams to collaborate with each other on different levels. So the security model that I need is:
Visitors are either a logged in user, or anonymous.
Users are a member of 0 or more groups.
For each group that the user is a member of, that membership will have different permissions. For example, the user might be an 'author' or group A, but a 'commenter' on group B.
The number of groups will change over time, and the memberships of those groups will also change. I can't see any easy way to integrate this permissions model into repoze.what. Am I missing something obvious?
Well, you could easily just have a "Group_A_commenter" group and "Group_B_editor" group. They don't have to be manually generated. :) Your model is really just a matter of grouping the groups.
But you should also be able to make Predicate checkers that implement your rules.
http://what.repoze.org/docs/1.0/Manual/Predicates/index.html#term-predicate
I have an answer, after a bit of fiddling.
The answer is that the only reason to use the authentication schema suggested in the repoze.what documentation is that if you do, you can use their predicates for free. Fortunately, writing & using your own predicates is a piece of cake. It seems to me that the only hard requirement is for a user object (although obviously you can call this whatever you want). In my app I have a bunch of custom predicates that check certain things like:
Is the user a member of this group? (group specified by a parameter)
Is the user logged in?
Does the user hold this particular site role?
I can then use these predicates wherever I want.