I need to create a system that has custom views for my users
How do large companies or large systems have several views (screens or UIs) for their different types of users, for example, having a UI for the admin panel and another UI for the employee profile, so that average users do not enter the admin panel? I know it is done with authorization and authentication, but how do you program it? How do they do it? I'm using Django, and I'm using the login_required decorator and user_passes_test(lambda u: check_group(u, 'RRHH'), login_url='/denegado/'). What that does is check whether the logged-in user belongs to HR: if so, it shows the view; if not, it redirects him to denied, and denied redirects him to the view to which he belongs. Look:
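from django.core.exceptions import PermissionDenied
from django.shortcuts import redirect

def redirigir_por_grupo(request):
    # Send each user to the landing view of the group they belong to.
    if request.user.groups.filter(name='RRHH').exists():
        return redirect('sucursales')
    elif request.user.groups.filter(name='Gerentes').exists():
        return redirect('gerencia')
    elif request.user.groups.filter(name='Empleados').exists():
        return redirect('perfil')
    # No matching group: respond 403 instead of returning None.
    raise PermissionDenied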
But I don't know, I feel that it is not the safest and most optimal way, I think, right? To tell the truth, it is the first time that I have made such a complex, full-stack system, and I am interested in it being extremely secure and following the best practices.
I want HR to have access to all apps, management only to incidents, and employees only to their employee app.
I have asked AIs about this and they tell me to use the decorator and make a middleware (which I will do because I see that it has certain advantages), but they do not tell me more, and I do not know if this is the right way to develop it and that it is not a security problem.
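Added example, not part of the original post: one way to express the access rules stated above (HR everywhere, management only incidents, employees only their own app) as a single deny-by-default policy enforced in a Django middleware, so a view that is missing its decorator still fails closed. The URL namespaces `rrhh`, `incidencias`, `empleados` and `cuentas` are assumptions, as is the choice to key the policy on each app's `app_name`.

```python
# Added example, not the poster's code. Namespaces and PUBLIC_APPS are assumptions.
# Maps each URL namespace (app_name in urls.py) to the groups allowed to enter it.
POLICY = {
    "rrhh": {"RRHH"},
    "incidencias": {"RRHH", "Gerentes"},
    "empleados": {"RRHH", "Empleados"},
}
PUBLIC_APPS = {"cuentas"}  # hypothetical namespace holding login/logout views


def is_allowed(app_name, user_groups):
    """Deny by default: True only if the app is listed and the user is in a listed group."""
    allowed = POLICY.get(app_name)  # unknown or un-namespaced app -> None -> denied
    return bool(allowed) and not allowed.isdisjoint(user_groups)


class GroupAccessMiddleware:
    """List after AuthenticationMiddleware in MIDDLEWARE so request.user is set."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        return self.get_response(request)

    def process_view(self, request, view_func, view_args, view_kwargs):
        # Django is imported here so is_allowed() can be unit-tested without it.
        from django.contrib.auth.views import redirect_to_login
        from django.core.exceptions import PermissionDenied

        app = request.resolver_match.app_name
        if app in PUBLIC_APPS:
            return None  # login/logout stay reachable
        user = request.user
        if not user.is_authenticated:
            return redirect_to_login(request.get_full_path())
        groups = set(user.groups.values_list("name", flat=True))
        if not is_allowed(app, groups):
            raise PermissionDenied  # 403: the check fails closed, no bounce to another view
        return None
```

Django's built-in admin site lives in the `admin` namespace, so with this policy it is denied to everyone until it is added to `POLICY`.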