Django supports security models and methods out of the box: the Group and Permission objects. Permission has a many-to-many relation to Django's built-in User, which lets you rely on request.user later in your code.

You will often run into situations where a view should be accessible only to a certain group of users. For example, you have an app with two groups of users: one can search and the other can index files. The simplest approach is to use Groups here. In fact, you may use permissions in case your app will have several unique users that might do some stuff. In general, the best approach is to use Group to specify the type of users and Permission to specify the role of users in that group.

Suppose you have a Group called 'search' that has a permission named, say, 'search stuff'. Then when you call:

    def my_view(request):
        # ... my view actions ...
        user_permissions = request.user.user_permissions.all()
        for p in user...