Skip to content

Permissions

Jump to bottom
Joshua Ferrara edited this page Nov 12, 2018 · 1 revision

Sporkify Permissions

User Levels

All user levels are specified in the Employee object in the backend models.py file.

The user levels currently available are:

  1. Employee
  2. HR
  3. Supervisor
  4. Admin (this one is kinda pointless)

User levels cascade, meaning that if someone is level 3, they are also considered all user levels with smaller numbers (meaning, 1 and 2).

Managing page access

The backend permissions.py files contains decorators that can be imported to protect entire views defined in views.py.

For example, if you only want supervisors to have access to a specific page, you can use the @supervisor_login_required decorator. An example of this in use can be found in the frontend views.py file on the sales, reports and vendors views.

Conditionally displaying DOM elements in templates

The permissions.py file - in conjunction with a template processor in sporkify/settings.py - provides three variables in the context for all pages. The variables are as follows:

  • is_hr
  • is_supervisor
  • is_admin

These can be used with {% if ... endif %} tags to conditionally hide/display items on the page depending on user level. See the employees.html template for an example.

Clone this wiki locally