Users on a webapp I'm building have multiple objects that are "theirs" Let's pretend the object is called Toy
.
I want them to be able to set privacy options for their Toy
s so they can set the following visibility options:
- Friends of friends
- Friends
- Only allow a defined set of people
- Friends only, but deny a set of people (to keep it a secret from some people)
So say I have the models like so:
class User(models.Model): # actually a profile but simplifying
friends = models.ManyToManyField(User, through='Friendship')
class Toy(models.Model):
owner = models.ForeignKey(User)
I'm struggling to see how to layer on the permissions data and logic.
I could add a permission_state
variable that stored the above choice and then have a m2m for options #3 and #4, or have separate m2ms for DENY and ALLOW.
But given a User
, how would I filter for all toys that the user could see without doing umpteen different queries? I ideally want to generate a list of Toy
objects in one trip to the database.
Or am I approaching this the wrong way?