I have a question: there's employee app in my project and I want employees to have different titles such as sales representative, manager and etc. and my views behave differently depending on employee's title. For now I have model Titles (title_code, title_name) but I feel like it could've been done with Django's builtin modules. So what do I use for building hierarchy? Groups, roles or permissions?
The django groups, role and permissions system is for allow or denay action in administration pannel, for this reason these three components work together.
If in your application all these type of user have access in admin pannel I suggestion you to use the Groups, roles and permission system
But If your users haven't the access to admin pannel you can avoid using it.
In first option you can create a different roles for every users and allow some permissions for each but if you have groups of users with same permission you can regroup they in a group. For more info view this https://docs.djangoproject.com/en/4.0/topics/auth/default/#permissions-and-authorization
If you do not need any specific privileges for each employee title, then choices would be pretty simple to implement like below
Sample Example
from django.db import models
class Employee(models.Model):
SALES_MANAGER = 1
HR_MANAGER = 2
ENGINEERING_MANAGER = 3
ROLE_CHOICES = (
(SALES_MANAGER, 'Sales Manager'),
(HR_MANAGER, 'HR Manager'),
(ENGINEERING_MANAGER, 'Manager'),
)
employee_title = models.CharField(max_length=100, choices=ROLE_CHOICES, default='Manager')
But do note that if you want to add new employee title's then a re-run of migrations would be required. If you need to avoid this then groups would be a better choice.
from django.db import models
from django.contrib.auth.models import Group
class Employee(models.Model):
employee_title = models.ManyToManyField(Group)
With groups, you would be able to create new entries without any migrations directly from admin panel.
Related
In Django admin panel
I create groups and give permission to them.
eg:
Create a Student Group and give it permission to view the student model.
Create a Teacher Group and give it permission to view the student model and add the student model.
create user using API and added to those groups,
and also staff status checked for each user.
When users log in on the admin panel that shows Site administration You don’t have permission to view or edit anything.
How to solve it.
I've got the same issue, tried every solution out there but they're all either outdated or not useful to my case. First let me ask you some questions.
1- What version of django are you using?
2- Do you have ModelBackend set in your AUTHENTICATION_BACKENDS like that?
AUTHENTICATION_BACKENDS = [
...
"django.contrib.auth.backends.ModelBackend",
...
]
3- If you're using a custom user model, have you extended PermissionsMixin in your class like that?
class CustomUser(AbstractBaseUser, PermissionsMixin):
# Fields
If you've done all of that and still stuck at it, like myself, then i'm not really sure what could help us. Anyway, i'll keep you posted if i get to know anything else.
In my Django project I have users that every user may have different permission (some one has only read permission but others may be both read and write permissions) I want to add permissions field to django auth_user_groups table like this:
here is my models.py:
from django.db.models import *
from django.contrib.auth.models import User, Group
from django.db.models.signals import post_save
class MyUser(Model):
user = OneToOneField(User, primary_key=True)
Volume = IntegerField(default=5*1024*1024)
def create_profile(sender, instance, created, **kwargs):
if created:
profile, created = MyUser.objects.get_or_create(user=instance)
post_save.connect(create_profile, sender=User, dispatch_uid="create_profile")
is it possible to do that ?
I would recommend you to create an additional table with an one-to-one relationship to auth_user_groups to solve your issue rather than fiddling with that. This is a similar approach as the one suggested in the docs. Alternatively you would have to do a lot of work in order to provide your own models.
EDIT: Following up on the first comment: It is not possible to expose this model as the respective many-to-many field of the User model does not use an explicit intermediate model (in fact the many-to-many field belongs to PermissionsMixin, from which AbstractUser is derived, from which User is derived).
An one-to-one field is essentially a many-to-one foreign key with unique=True. Therefore, you could instead create two foreign keys, one for User and one for Group with unique_together and then use these.
Django provides permission to to group of users and individual users, You can create multiple groups and assign permissions to those groups. And assign groups to each user. So user withina a particular group will have same set of permissions.
Refer here for more https://docs.djangoproject.com/en/1.8/topics/auth/default/#permissions-and-authorization
I have a Django application where I need to restrict specific Views to subset of Users. I also want to be bale to edit which Users have this permission via the Django Admin. So in the admin I would like to be able to see all users and have a check box which can be checked to give permission to see this specific Views.
I believe the way to approach to this is to a permissions decorator on the Views in question:
from django.contrib.auth.decorators import permission_required
#login_required
#permission_required('user.can_view_restricted', login_url='/accounts/login/')
def Restrictedview(request, template_name='restricted.html'):
...
# restricted stuff
Now I know I need to define this permission (in permissions.py?), and register it with the Admin. I am unsure of how to do this and how to properly associate the permission with a specific User instance. Should this be an extra field on 'User', or a separate model to hold model to hole Users and Permissions?
You can read in details about django permissions in the docs
https://docs.djangoproject.com/en/dev/topics/auth/default/#permissions-and-authorization
Basically Django permissions use the Permission model, which is found at django.contrib.auth.models, but for most applications you don't need to directly import or use that model.
By default Django creates 3 default permissions for any model you have in your app. If you have a model named MyModel in an app named myapp, then Django will create create_mymodel, change_mymodel, and delete_mymodel permissions by default.
You can check if the user has a certain permission by calling
user.has_perm('myapp.create_mymodel')
if you're checking for the create permission for example. Or, like you did, you can use the decorator
permission_required('myapp.create_mymodel')
In addition to the default permissions provided by django, you can define custom permissions on your models by specifying the permissions attribute in the Meta class of your model like this:
class MyModel(models.Model):
[...]
class Meta:
permissions = (
("can_deliver_pizzas", "Can deliver pizzas"),
)
More on defining custom permissions here: https://docs.djangoproject.com/en/dev/ref/models/options/#permissions
By default, permissions can be easily edited for every user using the admin interface. Just visit a certain user's page and there will be a field named User Permissions with a list of all permissions in your project, from which you can add or remove permissions for your particular user.
I need to implement user rights for user groups (pretty similar to facebook groups). For example, each group can have members with rights like: can_post, can_delete, can_ban, etc. Of course, one user can be a member of many groups and group can have many different users with different rights.
What models I need for this functionality?
Django has a built in groups system. Whenever you have a question like this, I recommend searching the Django docs, which are extensive, helpful, and well written.
So long as you are using the django.contrib.auth app, you have access to groups. You can then assign permissions to those groups.
from django.contrib.auth.models import User, Group, Permission
from django.contrib.contenttypes.models import ContentType
content_type = ContentType.objects.get(app_label='myapp', model='BlogPost')
permission = Permission.objects.create(codename='can_publish',
name='Can Publish Posts',
content_type=content_type)
user = User.objects.get(username='duke_nukem')
group = Group.objects.get(name='wizard')
group.permissions.add(permission)
user.groups.add(group)
I just want List user to be under permission , so i just made one custom model like below
from django.db import models
from django.contrib.auth.models import Permission,User
class Mycustomuser(User):
class Meta:
permissions = (
('users','users'),
('view_user', 'View user'),
)
In views i simply called
items=Mycustomuser.objects.all()
It is returning user id with 4 only.
I did so because i made following permission using django guardian
task = MyCustomuser.objects.create()
joe = User.objects.get(username__exact='admin')
assign('view_category', joe, task)
Now i want to check that permission whenever MyCustomuser is called.
It is not necessary and also not recommended to extend User model. See Storing additional information about users.
That said, you can create Permissions without setting permissions model Meta attribute, see Programmatically creating permissions.