Open Baschdl opened 4 years ago
Add the corresponding permission in the stats
app migrations and check for that one. In the admin interface, permissions are grouped by their content type, which includes its app.
Problem is that it would make sense to have the stats_view
restriction in the stats
app and check this restriction on our profile page but our app could possible be used without the stats
app. Maybe @kevihiiin knows the best practice for this
An academic (:wink:) way would be to have two permissions:
matching.view_access_stats
stats.view_x
, stats.view_y
(django-generated if stat types are models, else manually added)and then combine them in a group. The assign users this group. Now matching
would check the first permission for showing the button, and stats
would check for the second permission to show the view.
It is best-practise to assign permissions to groups and not users directly, meaning this would not make the "permission-giving" harder or more complicated.
How do we restrict access to the access statistics according to
can_view_access_stats
when it's in a separate app which is at first independent of thematching
app?