One common requirement in an organization is to separate users into authorities (meaning departments, units, branches etc.), with each authority having its own data. So users belonging to the “Athens Branch” won’t be able to edit data submitted by users of the “Thessaloniki Branch”.
This is a special case of the more general row-level-security in which each instance of a domain object will have an ACL. Row-level-security would need a many-to-many relation between object instances and authorities, something that would be overkill in our case.
Authority data is also a more general case of user data, in which each user has access to the data that he inserts in the system. Implementing user data is easy using the techniques we will present below.
Note that Django's permissions do not support our requirements, since they define security for all instances of a model.
Using the above techniques we can define authority (or just user) data. Your AuthorityData should have a ForeignKey to your Authority, and you have to configure your queries, ModelForms and CBVs to use it. If you have more than one model that belongs to an authority and want to stay DRY, then you’d need to define all of the above as mixins.