Using the permission model directly sounds perfect to allow some users to manage devices or device-types without superuser permissions. But it sounds difficult to manage access to a specific object:
Permissions are linked to the Objects themselves, like allowed to view any TestJob, not allowed to see one specific TestJob
So how to express the possibility to view a specific device?
Using only groups (no user field) for TestJob, Device and DeviceType sounds like a good idea.
We can make a device and device-type private. Add a set of groups to the device (the groups are automatically added to the corresponding device-type). Only users in the groups can view the device or the device-type.
Moving from the current model to the new one is then a matter of:
For devices owned by a user: create a group with only this user inside and use the group instead of the user
Remove the user field
Better if we can avoid the use of content_type
Makes filtering/querying a bit more difficult IMHO
I agree, especially if we only do group permissions, then we need only one table anyway
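
The group-only model discussed above (private flag, groups propagated from a device to its device-type, a single-user group replacing the user field), as an added example that is not part of the original discussion or the project's code. The class and function names and the `owner-<user>` group naming scheme are assumptions made for illustration:

```python
from dataclasses import dataclass, field


@dataclass
class DeviceType:
    name: str
    private: bool = False
    groups: set = field(default_factory=set)


@dataclass
class Device:
    hostname: str
    device_type: DeviceType
    private: bool = False
    groups: set = field(default_factory=set)

    def add_group(self, group):
        # A group set on a device is automatically added to its device-type.
        self.groups.add(group)
        self.device_type.groups.add(group)


def can_view(user_groups, obj):
    """Public objects are visible to everyone; a private object needs a
    shared group. A private object with no groups is visible to nobody
    (superusers are not modelled here)."""
    return not obj.private or bool(obj.groups & set(user_groups))


def migrate_owner(device, owner, memberships):
    """Replace a legacy per-user owner with a group holding only that user."""
    group = f"owner-{owner}"  # hypothetical naming scheme
    memberships.setdefault(owner, set()).add(group)
    device.add_group(group)
    return group


def demo():
    # Constructed sample data: user name -> set of group names.
    memberships = {"alice": {"lab-admins"}, "bob": set()}
    qemu = DeviceType("qemu", private=True)
    dev = Device("qemu01", qemu, private=True)
    migrate_owner(dev, "bob", memberships)  # bob was the legacy owner
    visible = {u: can_view(g, dev) for u, g in memberships.items()}
    return visible, qemu, memberships
```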