Opened 2 years ago

Last modified 2 years ago

#29748 assigned New feature

Add AUTH_GROUP_MODEL setting to swap the group model

Reported by: damoncheng Owned by: damoncheng
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Someday/Maybe
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


The information is not enough for the most project in django.contrib.auth.models.User and django.contrib.auth.models.Group. The project can only custom User and Team model.

The auth User can be changed in the django settings by AUTH_USER_MODEL. But the Group cannot.

Further, There are many group permissions problem presented when project use django permissions.

Firstly, In django.contrib.auth.ModelBackend, Django currently bind group permissions with django.contrib.auth.models.Group

def _get_group_permissions(self, user_obj):
    user_groups_field = get_user_model()._meta.get_field('groups')
    user_groups_query = 'group__%s' % user_groups_field.related_query_name()
    return Permission.objects.filter(**{user_groups_query: user_obj})

If the project want to relate the group permission to custom team. the project have to custom backend that extend django.contrib.auth.ModelBackend and modify group to team.

Secondly, the bad design limit the other app design, many app about django permission , only support group permission based on django.contrib.auth.models.Group, like django-guardian.

In the conversation with Adam Johnson(!topic/django-developers/llQJZUKejXg). Admin suggestion me to contribute it or to use OneToOneField to solve the basic problem. But the OneToOneField is not elegant and it have problem in some scene. For example, A project is a cloud item, It use SCIM to manage user and team identities in cloud. it transfer resource from sender to many receiver.

Before the project use OneToOneField, The project only transfer user and team from sender to receiver. It spend 2 hour.

After the project use OneToOneField. The project need transfer user and team from sender to receiver, then create group and make team OneToOneField to Group in the receiver. It spend 6 hour.

it degrade the transform performence.

So please make me to support AUTH_GROUP_MODEL that optimize django group permission design

Change History (1)

comment:1 Changed 2 years ago by Tim Graham

Has patch: unset
Summary: Support AUTH_GROUP_MODEL to optimize django group permission designAdd AUTH_GROUP_MODEL setting to swap the group model
Triage Stage: UnreviewedSomeday/Maybe

It's unclear if the complexity is too much to implement this. See django-developers for the discussion.

Note: See TracTickets for help on using tickets.
Back to Top