I created a Custom User Model by basically copying and pasting the full example given in the Django Docs. But in the docs, they unregistered groups. But in my project I will need groups because I'll have different uper types. So how can I still have groups and add my custom users to them?
Try using a customGroup class extending the Group class, or a custom group class from scratch according to requirements
Related
I am setting up a member site using django, in which members belong to groups that they create and then invite other users to join.
It seems that what I am looking for is to use the django groups functionality, but the documentation on how to go about this is minimal at best - at least I haven't found any. It basically talks about creating groups in the Admin console, which is not what I am trying to do. I would like to do it programatically/dynamically.
Another way to go about this would be to at a foreignkey to the User model up to a group model, however I can't add a foreignkey to the generic User model.
I have read lots of stuff that google threw up at me from my searches. none helpful.
How would I go about this?
Thanks
Well a Group is just another model in Django (one of the models defined in the Django library).
You can thus create a group with:
from django.contrib.auth.models import Group
g1 = Group.objects.create(name='Name of the group')
The Group model has two many-to-many relations: one to Users (with related name users), and one to Permission (with related name permissions). So we can use the corresponding managers to add and remove Users and Permissions.
Then you can for example populate the group with users like:
g1.user_set.add(user1, user2, user5, user7)
You can also add permissions to a group with:
g1.permissions.add(perm1, perm3, perm4)
I have two models: Domain and Record. Many records link to a domain. The domains and records have their owners. I want to disallow users to create records in domains that they don't own. However they should be able to edit records if someone else (a superuser e.g.) created them and set owner to that specific user (even if they don't own a domain). This should work both for admin site and for API (rest_framework)
My question is - what is the simplest way to achieve this goal? Is there some django plugin that handles permissions for linking? Can I use model validators here (if so - how to distinguish if a new object is created)?
The problem here is that the Django Rest Framework and Django itself (via admin) are interacting only at the level of the models. In order to achieve your goal I would implement the following design:
Make the models aware of their owners and users. For that I would use django-audit-log.
Overwrite the default model Manager and build your logic in the create method, where I will query the user's attributes and throw appropriate exceptions.
Such a design shifts some of the business logic from the controller to the data model - there are some debates out there about the benefits and pitfalls of such an approach. But with the underlined constraints (Django admin and API) is the only common place where you could put it.
Is this what you are aiming for ?
I quote from the documentation:
"Permissions can be set not only per type of object, but also per specific object instance. By using the has_add_permission(), has_change_permission() and has_delete_permission() methods provided by the ModelAdmin class, it is possible to customize permissions for different object instances of the same type."
https://docs.djangoproject.com/en/1.5/topics/auth/default/
I can't find any info about how to set this up. I want users to only be able to change instances of a model which they are attached to, not all instances of that model.
That refers to the Django admin. Here's how you define an admin model:
https://docs.djangoproject.com/en/1.5/ref/contrib/admin/#django.contrib.admin.ModelAdmin
And here's how you define permissions:
https://docs.djangoproject.com/en/1.5/ref/contrib/admin/#django.contrib.admin.ModelAdmin.has_add_permission
(I asssumed you're using Django 1.5, and not the latest, 1.6.2)
I'm creating CMS and now facing some issue I need your advice. I have few different modules (apps) I can define custom permission to them - in model i define custom permissions like "view_store", "edit_store", "delete_store" and so on. And then I have defined different user groups (I want to have group based user access control) - admin, editor, vip, user.
I'm creating these groups when running one time command to initialize CMS (manage.py initcms) and I want of course all the right permissions will be added to the group in the same time.
initcms action is running after the syncdb, so all the models are in DB (info about permissions also of course).
I have something in my mind... If this is good way to go or you have the better one? Let me describe mine: I want to give for example for vip user all the permission from all the models (which have this permission defined) to "view_*". It means vip can view everything. I have an idea when initializing database just grab all entries (all permissions) which fits pattern "LIKE view_%" and then add these all to group's permissions.
But then the problem if the new module will be added... I need to re-run this action and check if all the permissions are right... Maybe there is some dynamic way to deal with group permissions?
One possible solution is to use Django Signals, which can be triggered before or after a model's save mothod has been called or after or before any M2M action takes places, after syncdb etc... You may select a proper signal that fits you best and then call a function that checks related permissions and add or remove any if necessary...
I have a model class Project and for each model instance, there should be a 'group' of users who may edit that instance. I guess I could add another model class called ProjectEditor to add those editors. Is there a better way of implementing this? What about checking for permissions? I would need to write my own permission method then too, right?
Thanks
Eric
Django Guardian seems to be the best solution today for Model instance level permissions.
Model (table) level permissions can be achieved using the groups facility provided by Django auth. Groups let you create custom permissions at a model level. Instance (row) level would be trickier. You would most likely have to write a custom mechanism to accomplish this.
Here is a Django Snippet that might give you some ideas.
There was an open source release for row/object level permissions by the washington times team that might be of use:
Django Object Permissions Proof of Concept