Skip to content

Reinvestigate how to do global permissions

Having global persmissions using a "virtual", unmanaged model seems to somehow work, but it looks inconsistent and feels clunky.

At least, it should be ensured that the model does not have any fields. Right now, the global permission models inherit from ExtensibleModel, which is wrong. (Fixing that, note that it is ok to alter existing migrations to remove the fields, as the model is unmanaged and thus the migrations have no effect on the database). It should also have default_permissions = () in meta.

This has to be done in all apps.

But in general, we should discuss again how it is done the right way:

  • Sadly, the related pull request on Django has not received an update since 2017, but the Django core team already accepted the general idea, so there might be hope. Maybe one of our team members could look into it.
  • There is django-global-permissions, but it seems outdated and unmaintained