The permission system currently works, but it is overly complex and consequently there is a lot of code repeated, violating the DRY principle. It would be nice to consolidate the permissions into a small group of methods on the Article model. For example:
can_view() - determine whether the provided user can view the article
can_edit() - determine whether the provided user can edit the article
These are boolean methods. However, we also need a @classmethod that returns a modified queryset that filters articles that the user cannot view. This is used basically anywhere a list of articles is needed/displayed.
This needs to be carefully planned and thought out to avoid the organizational problem that currently exists.
The permission system currently works, but it is overly complex and consequently there is a lot of code repeated, violating the DRY principle. It would be nice to consolidate the permissions into a small group of methods on the Article model. For example:
can_view()
- determine whether the provided user can view the articlecan_edit()
- determine whether the provided user can edit the articleThese are boolean methods. However, we also need a
@classmethod
that returns a modified queryset that filters articles that the user cannot view. This is used basically anywhere a list of articles is needed/displayed.This needs to be carefully planned and thought out to avoid the organizational problem that currently exists.