How to grant permission to view a page based on a hierarchy of users

I'm working on a user facing django application for an enterprise solution. Currently, users are able to categorize data on the site into private collections, visible only to themselves. A feature request is for managers to be able to view the private collections of their subordinates. 开发者_JAVA技巧

My issue is, what is the best solution for implementing this hierarchy? I've thought of a few solutions:

• A foreign key from user to user named manager. Create a @user_passes_test test that recurses through the manager relation looking from the owner of the collection until a) the requesting user is found to be a manager, or b) manager is Null, indicating the requesting user is not authorized to do access this page.
  • Benefits: simple hierarchy is accurately represented with minimum data
  • Drawbacks: A large hierarchy results in many queries
• Create a many to many relation between users and users called managers. Create all the relationships in this table.
  • Benefits: Only one query necessary, and users can have multiple managers.
  • Drawbacks: difficult to change the hierarchy when someone leaves.

I'm open to any other suggestions people have, as well.

---

A tree of uniform data (where the data referred to by nodes and leaves is of the same class) can often easily be maintained by an SQL-based tree structure. While you can always write one by hand, Django MPTT and Treebeard have both dealt with the issue. I've used Treebeard, but MPTT seems to be more popular.