Access Control Lists
ACL versus Django Permissions
Currently we use the
flag in the
User model to indicate that a
user can access the admin site.
Outside of that we use the
access.models.GroupUser to define what
access groups a user is a part of.
How permissions work
Permissions that you can use as filters can be either explicit or general.
Admin:EditAddons means only someone with that permission will
If you simply require that a user has some permission in the Admin group
you can use
% means “any.”
Similarly a user might be in a group that has explicit or general permissions.
They may have
Admin:EditAddons which means they can see things with that
same permission, or things that require
If a user has a wildcard, they will have more permissions. For example,
Admin:* means they have permission to see anything that begins with
The notion of a superuser has a permission of
*:* and therefore they can