I've got a project with quite a few admin-actions. Currently I'm registering them like so:
#admin.action(description='Some admin action description')
def do_something_action(self, request, queryset):
pass
Some of these are being added to the admin-class of another app so I cannot simply add the function directly on the class where they are needed.
The problem is that these actions are shown project-wide, on every admin-screen.
How can I stop this behaviour, and manually set them where they are wanted? If it matters, it's Django3.2.
As I couldn't find out why these actions are shown project wide, I decided to manually override the get_actions function.
Firstly, a Mixin was created to deal with the exclusion of certain actions.
class ExcludedActionsMixin:
'''
Exclude admin-actions. On the admin, you're expected to have
excluded_actions = [...]
Keep in mind that this breaks the auto-discovery of actions.
You will need to set the ones you actually want, manually.
'''
def get_actions(self, request):
# We want to exclude some actions from this admin. Django seems to auto assign all general actions
# that aren't included in the class by default to the entire package. But we have some actions
# intended for another package here. This wouldn't work.
actions = super().get_actions(request)
# so let's recompile the actions list and keeping excluded_actions in mind.
for excluded_action in self.excluded_actions:
try:
del actions[excluded_action]
except KeyError:
pass
return actions
This Mixin is used to do both local overrides in specific apps, but also to create a 'default' admin which contains the most wanted
class DefaultAdminActions(ExcludedActionsMixin, admin.ModelAdmin):
# There are a number of actions we want to be excluded pretty much everywhere. Instead of
# setting them again and again, we'll just delcare them here.
# And import DefaultAdmin instead of admin.ModelAdmin
excluded_actions = ['unwanted_action1', 'unwanted_action2', 'unwanted_action3']
Other approaches are more than welcome.
Related
Can Django be used to create a website for creating custom websites depending on the user needs? There will be more than one template and each user will have a custom url for their websites.
I don't know if this can this be achieved with Django CMS.
Sure, it is possible but it requires ton of work, because you need to write bunch of templates, or/and logic that handles templates.
You could write TemplateMixin, that depending on passed domain, or kwarg in url changes the template in the View. So, for example, it could look like that:
class TemplateMixin:
template_name = None
request = None
model = None
def get_template_names(self):
"""
Return a list of template names to be used for the request.
Must return a list. May not be called if render_to_response() is overridden.
"""
db_settings = Settings.objects.get_or_create()[0]
if self.template_name is None:
raise ImproperlyConfigured(
'TemplateResponseMixin requires either a definition of '
'\"template_name\" or an implementation of \"get_template_names()\"')
template = db_settings.website_template
ready_template = '/'.join([template, self.template_name])
return [ready_template]
There are also solutions for handling multiple domains, so you could detect what current domain is via self.request in get_template_names method. The templates are handled by prefix. The kwargs also should be in self.kwargs, so you can detect which site you need to present via custom namespace url.
You can also create WebsiteSettings model that handles various templates, and is manageable via simple custom dashboard panel, and belongs to user, or user groups. The fields that it should have is 'template' with choices attribute, relation to User (or CustomUser model), and bunch of settings you want to give a user (or you could have different model('s) for that).
The solution I bring here is simple to show the idea - but it can be insufficient, to accomplish what you really want you must write the whole mixins, views etc. logic yourself.
In Django I'm trying to implement some kind of a "security middleware", which gives access to certain db information only, if the logged in user matches.
Up to now I found two approaches: middleware or custom function in manager (Both explained here Django custom managers - how do I return only objects created by the logged-in user?).
Example for cleanest solution: custom function
class UserContactManager(models.Manager):
def for_user(self, user):
return self.get_query_set().filter(creator=user)
class MyUser(models.Model):
# Managers
objects = UserContactManager()
# then use it like this in views
data = MyUser.objects.for_user(request.user)
However, this solution only works, if you have control over the code which invokes this custom function (here: for_user()).
But if you are using third parties apps like Django-REST, Graphene or AdminViews, they don't have the possibility to configure a specific query-func to use.
My goal:
Replace the default Manager
Add user-based filters to query_set
Use the model as normal in all app configurations
Idea (pseudo code!)
from django.x import current_user
class UserBasedManager(models.Manager):
def get_queryset(self):
return super().get_queryset().filter(author=current_user.name)
class Book(models.Model):
title = models.CharField(max_length=100)
author = models.CharField(max_length=50)
objects = UserBasedManager() # The default manager.
Now I could use the model Book as normal in all extensions.
I know this solution would have some drawbacks, which are okay for me:
Can be only used when user is available (e.g. no direct script support)
Handling no or anonymous user is missing (left it away to keep example short)
My use case
I have a project, which shall give access to data by different interfaces (admin pages, custom views, rest, graphql).
As I have so many interfaces, I don't want to implement the access-rights in the views. This would cost too much time and is hard to maintain and the risk for security problems in one specific view/interface is too high.
Let's say I'm storing commits of git repositories in a database.
And the user shall get access to all commits, which are part of repos the user has READ access.
The question is: How can I implement this as a generic, view/interface independent solution?
Install django-threadlocals package and call get_current_user function to get the current user
from threadlocals.threadlocals import get_current_user
class UserBasedManager(models.Manager):
def get_queryset(self):
current_user = get_current_user()
return super().get_queryset().filter(author=current_user.name)
I have a pluggable app for Django that provides a few forms. The forms have a few settings associated with them that control some of the forms' behavior (e.g., labels, initial values, and so on).
I've followed a blog post to set the default settings for the pluggable app, and that works well under normal circumstances. However, in tests, where I provide overrides, the overrides do not get applied at all.
Here's the code for one of the forms:
if settings.CURRENCY_FORM_INCLUDE_EMPTY:
currencies.insert(0, (settings.CURRENCY_FORM_EMPTY_VALUE,
settings.CURRENCY_FORM_EMPTY_LABEL))
class CurrencyForm(forms.Form):
currency = forms.ChoiceField(
required=False,
choices=currencies,
label=settings.CURRENCY_FORM_LABEL,
initial=settings.CURRENCY_FORM_INITIAL_VALUE)
Obviously, the moment class is defined, settings like label and inital value are applied immediately, so overrides have no effect on them.
I ended up with a rather hackish solugion of evaluating all settings in form's __init__ method:
class CurrencyForm(forms.Form):
def __init__(self, *args, **kwargs):
super(CurrencyForm, self).__init__(*args, **kwargs)
choices = list(currencies)
if settings.CURRENCY_FORM_INCLUDE_EMPTY:
choices.insert(0, (settings.CURRENCY_FORM_EMPTY_VALUE,
settings.CURRENCY_FORM_EMPTY_LABEL))
self.fields['currency'].label = settings.CURRENCY_FORM_LABEL
self.fields['currency'].choices = choices
self.fields['currency'].initial = kwargs.get(
'initial', {}
).get('currency', settings.CURRENCY_FORM_INITIAL_VALUE)
currency = forms.ChoiceField(required=False,
choices=())
Obviously, lots of moving parts. I'm not very happy with this code. How do I properly test the settings' effect on the forms without resorting to these hacks?
I don't get what you're trying to do. But as an advice, you should think this in a more object oriented way. For example, instead of using that if statement, you should define everything and just plug what you use.
If you have 2 forms, and want to use 1 of them at each time, you could have some setting, like:
settings.FORM_TO_USE = CurrencyForm
And when you want to instantiate you can do:
def my_view(request):
form = settings.FORM_TO_USE()
Lastly, try to manage the tests separate from the configuration. If you're unittesting django, it shouldn't care what the settings are.
I'm using (and learning) Django on my newest product, and I just installed and started using django-registration app to allow my users to auto-register themselves.
Everything's working good, but I'm thinking about assigning every new user to a specific group (already created), so I can "separate" the admins from the normal users.
How can I do this? The documentation about this app is awful, IMO.
I didn't create any model or configuration to start using the django-registration app.
I ended up making a fork for this, as this was driving me crazy.
https://github.com/kcunning/django-registration
Basically, add the following to your settings.py file:
REGISTRATION_DEFAULT_GROUP_NAME="Groupname"
Any user added through the registration module will be given that group upon creation.
To start, I'm not an expert at d-r (django-registration) and actually only checked it out because you mentioned it in your question. So, if anyone else has a better answer please submit it. Anyway, here it goes.
I noticed that the way users (or "profiles" as d-r calls them) are created is found in the create_inactive_user function located in registration.models.RegistrationManager. So, in this function after:
new_user.is_active = False
new_user.save()
You could add something like:
default_group = Group.objects.get(name=WHATEVER_THE_GROUP_NAME_IS)
user_group, is_created = UserGroup.get_or_create(user=new_user)
user_group.group = default_group
#user_group.groups.add(default_group) # Django ver. 1.7+
user_group.save()
You could probably do without the get_or_create as I don't think you can create more than one user with the same username, but I would rather be safe than sorry.
This method will cause you to edit the d-r files (which may not be the best thing to do) along with hardcoding certain things (such as the default group name), but it should be a good stepping off point.
PS. the default group name could be a variable located in the settings.py file, which would make it more accessible and pretty. Example:
settings.py:
DEFAULT_GROUP_NAME = 'YOUR GROUP NAME'
registration/models.py:
default_group = Group.objects.get(name=settings.DEFAULT_GROUP_NAME)
Anyway, hope that helps.
django-registration-redux has custom signals that can be used to assign registered user to a specific group. "user_registered" signal can be used for this purpose. Please refer to django-registration-redux documentation
from django.contrib.auth.models import Group
def user_created(sender, user, request, **kwargs):
group = Group.objects.get(name='Kurum')
group.user_set.add(user)
user.save()
from registration.signals import user_registered
user_registered.connect(user_created)
Hey everyone, I am pretty sure this is a fairly common problem.
So in order to register an account my site you need an email address from certain school domain (like facebook). This wouldn't be that big a problem until you start integrating other apps, like django-notification and django-registration and django-socialregistration into your site where they are sending email via user.email.
I have asked my users and most of them want an 'active_email' option - that means that they can change the email to their designated gmail or whatever.
I have come up with the following solution which isn't the cleanest of all:
First, I inherit from User in django.contrib.auth and call this new class MultipleEmailUser, with email=active_email and official_email=sch_email.
Then I override django.contrib.auth's UserManager to change the API slightly,
And the most painful part is to change all the source code that has User.object.find() to MultipleEmailUser.find().
Can someone suggest me a cleaner way? (My biggest headache arise from other apps only permitting to send email to User.email.)
You don't need - or want - to modify the User class. Just set up a UserProfile class with a OneToOneField back to User, and set the AUTH_PROFILE_MODULE setting. See the documentation.
Rather than a true datastore attribute, you could use a property called 'email' to expose access to whatever data you want.
Basic property syntax (from the python docs):
class C(object):
def __init__(self):
self._x = None
def getx(self):
return self._x
def setx(self, value):
self._x = value
def delx(self):
del self._x
x = property(getx, setx, delx, "I'm the 'x' property.")
In your case, you could create true datastore attributes named, for instance, auth_email and active_email. Then, the User.email property could perform some logic in its getter function, to determine which one to return (i.e. if active_email is set, return it; otherwise, return auth_email)
It's worth noting that the syntax for property has undergone some flux. As of python 2.7, it can be implemented in a more readable way, as a decorator:
class User(BaseModel):
#property # email
def email(self):
if self.active_email:
return self.active_email
return self.auth_email