Django Wagtail dynamic Menu's based on User and User Role
Using Django-Wagtail and Wagtail Menu's. I want to build a system with the following types of characteristics.
- I have a class of user (Vendor, Supplier)
- Each created user would need to be one of these two classes.
- Each class of user has different roles and the roles differ from class to class. e.g. Vendor: finance, stock, admin Supplier: finance, stock, admin, driver.
What I have done is create a class called UserType and both "Vendor" & "Supplier" inherit from this class. Then added a field to the User class that selects which type of user they are.
class UserType(model.Model): common fields....... class Vendor(UserType): child_vendor_only_fields..... class Supplier(UserType): child_supplier_only_fields..... class User(AbstractUser): userVar = models.ForeignKey(UserType, on_delete=models.SET_NULL, null=True, blank=True)
I have also used the wagtail admin to create custom roles for each of these classes as described above.
Clearly what "Vendors" can create, read, update and delete varies from that of a "Supplier". And still within that what the finance role can do within the "Vendor" differs from what "Stock" can do.
How would I create a dynamic menu that displays different menu's for these permutations?
My initial thoughts were inspired by this. Simply adding a choicefield
USER_TYPE_CHOICES = ( ('Vendor', 'Vendor'), ('Supplier', 'Suplier')) class GenericPage(MenuPage): """ This model will gain the fields, methods and `setting_panels` attribute from `MenuPage`, but `settings_panels` is being overridden to include other fields in the `Settings` tab. """ availableTo = CharField(choices=USER_TYPE_CHOICES,) # 'menupage_panel' is a collapsible `MultiFieldPanel` with the important # fields already grouped together, making it easy to include in custom # panel definitions, like so: settings_panels = [ FieldPanel('custom_settings_field_one'), menupage_panel ]
I have two questions:
Am I on the correct path for generating custom menu's for type of users? If so how would I then do the same for roles under type of users?
In terms of CRUD should I simply implement a check each time a user does a crud action whether or whether not they can commit that action pragmatically?
For CRUD, I'm not a fan of giving someone the option to do something then tell them that option isn't allowed after the fact. They might have spent half an hour creating/editing that page then find out they've wasted that time. Better to tell them on page load.
For user type, I'd just create those as roles that you add the users to. Then you just have a simple test for the user.groups to see what role they have.
You could easily develop a custom restricted panel for each of the panel types you need to restrict, easier if they're all FieldPanels. In the BoundPanel class you have access to the request object, so you can pull the user object from that at runtime and and decide what to do then.
The Panel.BoundPanel has a method is_shown(), so you can create a custom panel that inherits FieldPanel, override that method to test if the request user in an authorised list parameter and set true/false accordingly.
# restricted_field_panel.py from wagtail.admin.panels import FieldPanel class RestrictedFieldPanel(FieldPanel): def __init__(self, field_name, authorised_groups, **kwargs): self.field_name = field_name self.authorised_groups = authorised_groups if isinstance(authorised_groups, list) else [authorised_groups] super().__init__(self.field_name, **kwargs) def clone_kwargs(self): kwargs = super().clone_kwargs() kwargs.update( authorised_groups=self.authorised_groups ) return kwargs class BoundPanel(FieldPanel.BoundPanel): def is_shown(self): show_field = super().is_shown() is_authorised = self.request.user.groups.get_queryset().filter(name__in=self.panel.authorised_groups).exists() return (show_field and is_authorised)
In the page model:
content_panels = Page.content_panels + [ RestrictedFieldPanel('some_vendor_field', 'Vendors'), RestrictedFieldPanel('some_supplier_field', 'Suppliers'), .... ]
For the authorised groups, you might want to append a site admin role by default so that site admins will always see any restricted panel regardless.
Other panel types you'd need to inherit and do test wherever it's doing the rendering.