Confusion about the django permission and group model? - django

For example, I create a permission like this:
Permission.objects.create(name='Can add', codename='can_add', content_type_id=1)
Now if I want to apply this permission in some view, I need to use the permission_required decorator like this:
@permission_required('app.can_add', raise_exception=True)
def some_view(request):
    ...
Here I need to exactly match the permission codename in the decorator in order to apply the permission.
But what if an admin (not a developer) created a new permission with a different codename than the codename which is used in a view? Should we go manually to the code and edit the codename? Or are there any better solutions? How can an admin apply the newly created permission in the view without manually going into the code?
I am thinking about it from the normal user's perspective, after we gave the project to the client. How can he/she manage such things?
Note: I am not using the Django default admin panel.

Simple answer: creating custom permissions via the admin doesn't make any sense indeed since the code won't know anything about those permissions (and the permissions don't know anything about your code either FWIW).
If your app needs custom permissions, you create them via code (i.e. in a migration), and deploy them together with the code that uses them. Then the admins can assign those permissions to selected users or groups as they see fit.
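Because the codenames checked in code and the permissions shipped with it have to stay in step, a build-time check can catch a mismatch before deployment. The following is an added example, not code from the original question or answer: it uses Python's ast module to collect the permission strings passed to permission_required, has_perm and has_perms, and reports any that the project does not declare. SAMPLE_VIEWS and DECLARED are constructed for illustration.

```python
import ast

# Constructed sample view module (not from the original post).
SAMPLE_VIEWS = '''
@permission_required('app.can_add', raise_exception=True)
def some_view(request):
    ...
@permission_required(['app.can_add', 'app.can_export'])
def export_view(request):
    ...
def delete_view(request, pk):
    if not request.user.has_perm('app.delete_order'):
        raise PermissionDenied
'''

# Hypothetical set of "app_label.codename" strings the project's migrations create.
DECLARED = {'app.can_add', 'app.delete_order'}

CHECK_CALLS = ('permission_required', 'has_perm', 'has_perms')


def _string_values(node):
    """Return the string literals in a str node or a list/tuple of them."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return [node.value]
    if isinstance(node, (ast.List, ast.Tuple)):
        return [v for elt in node.elts for v in _string_values(elt)]
    return []  # dynamic expression: cannot be resolved statically


def referenced_permissions(source):
    """Map each permission string used in the source to the lines using it."""
    found = {}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue  # only the positional first argument is inspected
        func = node.func
        name = func.id if isinstance(func, ast.Name) else getattr(func, 'attr', None)
        if name in CHECK_CALLS:
            for perm in _string_values(node.args[0]):
                found.setdefault(perm, []).append(node.lineno)
    return found


def undeclared_permissions(source, declared):
    """Permissions the code checks for but the project never creates."""
    used = referenced_permissions(source)
    return {perm: lines for perm, lines in used.items() if perm not in declared}
```

A codename that matches no Permission row fails closed for ordinary users, since has_perm returns False for them, while active superusers still pass every check.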

Related

Django permission and authorization

I am working on a Django project and I want to make model-based permissions. My question is: if I have an app named order, the default permissions are add_order, change_order, delete_order and view_order, so do those permissions exist only for the admin side? I mean, if I try to delete a model object from the order app in my view, not in the admin, what will happen, and if so I want to know if it will cause any errors? Thanks.
Out of the box, Django permissions are not implicitly checked in your own views; you have to apply the logic yourself.
You have a few options for checking the permissions:
User.has_perm(permission)
Perms template tag
The permission_required decorator
The PermissionRequiredMixin
More information can be found here: https://docs.djangoproject.com/en/3.0/topics/auth/default/#the-permissionrequiredmixin-mixin

How to create a permissions model for accessing apps in a project?

I am creating a project with multiple services, each one represented as an app. I want to create a dashboard page where a user can see what apps they have access to, with staff users being able to add and remove apps via admin pages. What is the best model structure to do this? I.e. How should my models.py look? Is there a way to link such a table to the settings.py registered_apps tuple?
Sounds like what the Django admin does.
You can use Django's permissions for that. Basically you assign permissions to groups and then you put your users in those groups (a user can be in several groups).

Django - permission_required on view level

I am looking at the built-in authentication functionality from Django for my custom app.
If I understand this right, I can assign add, change, delete rights to models.
I am looking for a solution to assign view/show rights to a user.
My basic idea is to use the permission_required decorator for this, but as stated this only works for add, change, delete and in addition it seems only to work for models. I have functions where I am using multi-objects from models.
The best would be to have something that collects my custom permission_required decorators and gives me the possibility to edit this e.g. in the Django admin UI.
E.g.
@permission_required('user.profile.view')
def myProfile(request):
    ...
@permission_required('user.profile.edit')
def editMyProfile(request):
    ...
Any idea or suggestion is welcome.
Thanks in advance!
Creating custom permissions is well documented. Once you've created custom permissions, you'll be able to assign them to users through the usual user admin page.

django custom groups and custom permissions

I'm creating a CMS and am now facing an issue on which I need your advice. I have a few different modules (apps) and I can define custom permissions for them - in the model I define custom permissions like "view_store", "edit_store", "delete_store" and so on. And then I have defined different user groups (I want to have group-based user access control) - admin, editor, vip, user.
I'm creating these groups when running a one-time command to initialize the CMS (manage.py initcms) and of course I want all the right permissions to be added to the groups at the same time.
The initcms action runs after syncdb, so all the models are in the DB (the info about permissions too, of course).
I have something in mind... Is this a good way to go, or do you have a better one? Let me describe mine: I want to give, for example, the vip user all the "view_*" permissions from all the models (which have this permission defined). It means vip can view everything. My idea is, when initializing the database, to just grab all entries (all permissions) which fit the pattern "LIKE view_%" and then add all of these to the group's permissions.
But then there is a problem if a new module is added... I need to re-run this action and check if all the permissions are right... Maybe there is some dynamic way to deal with group permissions?
One possible solution is to use Django Signals, which can be triggered before or after a model's save method has been called, before or after any M2M action takes place, after syncdb, etc. You may select a proper signal that fits you best and then call a function that checks the related permissions and adds or removes any if necessary.

How could I create a screen that would batch create a bunch of Django auth users?

I want to create a helper screen that can create a bunch of Django auth users on my site and have those accounts setup the same exact way as if they were done one by one through the Django auth GUI signup. What methods from Django auth would I have to use in my view to accomplish this?
To create users you can use the method create_user from the UserManager:
from django.contrib.auth.models import User
new_user = User.objects.create_user('username', 'email', 'password')
Then you can set it as staff with new_user.is_staff = True or add permissions with new_user.user_permissions.add(permission).
Check this link for more information.
What are you trying to accomplish exactly? Are you just trying to populate your user database with a bunch of fake/test users? Then simply do some logic to do so and save the models like you normally would.
If you require the UI to be used, one option you have is using Django's test client, which allows you to programmatically write get/post requests just as if you were someone browsing the web page.
Hope that helps as a start.
A quick check here indicates you'd just need to use the input from your form to create a group of django.contrib.auth.models.User objects, and related/relevant groups of django.contrib.auth.models.Permission objects to associate with the User objects. Create, set permissions, save, and you're done.