Custom user model #519
Comments
|
As an aside, creating a custom model would allow us to solve issues like #518 permanently by overriding the |
|
Just a thought, we might be able to store the faculty information as a group instead of a custom field. While a custom user model is still preferred in the long term, it's very hard to switch over at this point. Doing the faculty-as-a-group thing might be easier short-term |
|
What approach do you guys think is better? Going the custom user model route, or the group route? |
|
At this point I would be against implementing a custom user model for all the migration hassles it would cause. It's a shame, but I wouldn't want to jump through those hoops for what we're missing out on right now. I'm assuming that by extending the user model, you mean what the Django docs calls a "proxy model". If we went that route, does that mean we could distribute the proxy model as a part of DSC federated_auth? Having something like a Even if it wasn't distributed in DSC, having all the bespoke UU-SAML-related fields (assuming there might be more in the future) compartmentalized in a proxy model appeals to me. Just plug and play different proxy models if we know some kind of schema change from IAM is coming in the future.
I'm okay with the tradeoff of having a
If it worked, I would still not be in favour of this, it's like planting a massive "DO NOT TOUCH THIS MODEL OR EVERYTHING EXPLODES" bomb in the codebase. But it's fun to think about jank solutions. |
Yeah, I agree... It's probably not worth it.
No, proxy models cannot have extra fields and are thus not the solution for this problem. I was referring to the 'create an extra model and link it with a one-to-one' method described on the linked page. (Although, a proxy model can be used to avoid hide of the jank created by this method I guess? Just create a property that passes stuff to the related model? Not sure if that's really worth it tho, as hiding jank is not always the answer)
We could, but I don't see the benefit. Every app is going to have its own unique set of attributes, so creating a generic one is not really helpful. (As it either will be filled with unused fields, or just a very large file of extremely simple classes). In addition, ethics should be the only app that doesn't have a custom user model, which can just hold the extra fields there instead. (Which, imo, is the way it should be done).
In the unlikely scenario IAM wants to change attributes, we can just update the attribute map. That way we only have to update some config, and not our actual code.
Creating a proxy model for this purpose appeals to me; not entirely sure if the external function really makes sense over the proxy model approach tho?
Actually, one of the more successful solutions to switch to a custom model does something similar:
If not for the DB hacking, it's almost elegant. |
|
Ah yes, I see now that the docs refer to a one-to-one linked as a profile model. That's the one I would consider attaching the faculty or other SAML-ish fields to. You make a valid point about distributing such a model with DSC: if we ever find we do need more fields we can add those to a profile model at that time, and otherwise we should probably defer to YAGNI.
You are right, using external functions is a tradeoff that we don't have to make. Now that I understand the difference between proxy and profile models we should probably just use a proxy model for user methods anyway. So then considering we have a good enough and easy to implement solution for user methods in proxy models, the remaining question is as follows: how does a profile model compare to the group solution for assigning faculties? Groups feel very django-esque, and they would allow us to add users to multiple faculties where they have blended roles. But then they would be mixed in with all the other groups a user belongs to. If we ever end up asking "which faculties does this user belong to" rather than just "is this person in GW", we might regret using groups rather than a custom So despite the YAGNI principle mentioned earlier, using groups here feels like locking ourselves in. My current preference would go to a Am I making sense? Sometimes I can have an overactive imagination for future problems. |
You are definitely making perfect sense here, I think you make a very good case for using a custom It would mean we can not use Django's built-in access control mixins, but it would be easy to create our own (based on Django's mixins). The only (hypothetical) potential problem would be that we can not assign permissions to those objects like groups, but we don't really use permissions anyway. The only point I would change is using said model through a different profile model. It's not needed, we can create a ManyToManyField from the faculty model to the User model directly instead. Maybe in the future we'll need a profile model as well, but to apply a little bit of YAGNI we can postpone that until it's actually needed. |
Currently we use the default user model, which is fine for now.
However, if we're going to keep track of people's faculties (#509), we're going to need to add fields to users.
Django offers two options:
(See https://docs.djangoproject.com/en/4.2/topics/auth/customizing/)
The first is easy, but not as nice and somewhat limited. The second is hard, but imo a lot better.
The text was updated successfully, but these errors were encountered: