Need Ultimate Role Based Access Control System in Django and DRF

This is going to be a long message. Thanks for reading this.

Django already has roles, groups, permissions. Which is good for simple things.

In my case there will be a CEO user, whose account we will create through the superuser command. Then that CEO will add new users through a React frontend UI, so there will be APIs for creating new users and giving them departments and designations.

So, every newly created user will receive an email with a system-generated password and a link to change it to something else; we will not let the user log in until he changes the system-generated password. We have already handled it.

Now, in designations, there will be managers and their assistants. An assistant will have only view access to the things created by his manager, not to everything. So an assistant will have view access to a few models, but not complete view access to every single entity in the model; they will have view access to the few objects that have been created by their manager. The CEO will have view access to everything.

Now, when the CEO is out of office travelling, he can assign extra rights to any manager, and then, apart from their own view, they will be able to view all the other things as well.

Now, the admin should be able to assign permissions to every designation.

Apart from that, views will not just be simple model-based; there are other things involved as well. For example, consider that there are certain tasks. Tasks have a deadline, and assistants and managers can ask for extensions.

So, if an assistant is asking for an extension and it's less than 3 days, then a request will be sent to the manager. But if he is asking for more than 3 days, then it will be sent to the CEO. If a manager is requesting an extension and it's less than 3 days, then it will be auto-approved, but if more than that, then the admin will receive the request.

There are around 80 endpoints (APIs). Will I have to write an if/else condition to check the designation in every view and build the queryset based on that, or is there any shorter way?

Also, the CEO should be able to change the permissions at any time.

I know in my case: CEO = Admin, Designation = role = Groups, Permissions = Permissions.

How can a robust system like this be created? Is there any guide, library or package for this? I hope I am able to make myself clear.

If this is not RBAC related, then let me know what exactly this thing is called.

This is an example screenshot of how exactly I want the permission-assignment window to look in the frontend.

https://imgur.com/a/5UL3sUM

Permissions can be assigned to a designation / user as well. We don't want to handle these things manually through the Django admin panel. It should have its own panel in the React UI.
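One way to avoid repeating the designation check in all 80 views is to put the two rules the post describes (who may see which objects, and where an extension request goes) into plain functions that every view and serializer calls. The block below is an added, framework-agnostic example written for this thread, not code from the poster's project; the `Designation`/`Decision` names, the `view_all` flag standing in for the CEO's temporary grant, and the choice that exactly 3 days counts as "more than 3" are assumptions. In DRF the same functions would be called from `get_queryset()` and from a `BasePermission.has_object_permission()`.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum


class Designation(Enum):
    CEO = "ceo"
    MANAGER = "manager"
    ASSISTANT = "assistant"


@dataclass
class User:
    username: str
    designation: Designation
    manager: User | None = None   # an assistant's manager (assumed field)
    view_all: bool = False        # temporary grant from the CEO (assumed field)


@dataclass
class Task:
    title: str
    created_by: User


def can_view(user: User, task: Task) -> bool:
    """Object-level visibility rule: CEO sees all, a manager sees his own
    objects, an assistant sees only objects created by his own manager."""
    if user.designation is Designation.CEO or user.view_all:
        return True
    if user.designation is Designation.MANAGER:
        return task.created_by is user
    return user.manager is not None and task.created_by is user.manager


def visible_tasks(user: User, tasks: list[Task]) -> list[Task]:
    """What get_queryset() would return for this user (in-memory version)."""
    return [t for t in tasks if can_view(user, t)]


class Decision(Enum):
    AUTO_APPROVED = "auto_approved"
    SEND_TO_MANAGER = "send_to_manager"
    SEND_TO_CEO = "send_to_ceo"


def route_extension(requester: User, days: int) -> Decision:
    """Deadline-extension routing: under 3 days goes to the manager (assistant)
    or is auto-approved (manager); 3 days or more escalates to the CEO/admin."""
    if days <= 0:
        raise ValueError("extension must be at least one day")
    if requester.designation is Designation.ASSISTANT:
        return Decision.SEND_TO_MANAGER if days < 3 else Decision.SEND_TO_CEO
    if requester.designation is Designation.MANAGER:
        return Decision.AUTO_APPROVED if days < 3 else Decision.SEND_TO_CEO
    return Decision.AUTO_APPROVED  # the CEO approves his own extensions
```

Keeping the rules in one place also makes the CEO's "change permissions at any time" requirement a data change (flip `view_all`, or later a stored designation-to-permission table) rather than a code change.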
