I'm new(this is my first project) to web development. I'm creating an internal data management for the company i work for. We have different departments(like r&d, product development, etc) which I have instantiated as objects via Django admin. I have created employees as normal Users in django admin. I would like to know how I can create a model/anything which can tell me the department manager.
Django auth user has reference to the group model. So you can create a group called Teamleader in group table(django admin) and while creating a user link the user to the group desired for his role
Related
Im trying to handle a use case where i have 2 roles. (admin , customer)
There will be an admin portal and a customer portal (2 different login pages ).
An admin can invite a customer
An admin can be a customer as well , can invite himself into the customer portal
An admin account must not share the same password as the customer account.
Email is used as the unique field for both admin and customer account.
For example :
Admin account
- customer#email.com /password1
- List item
Customer account
- customer#email.com /password2
Solution 1:
- Permission. Having 1 account with admin permission and customer permission.
(This cant work to fit the bussiness use case)
Based on this article:
https://simpleisbetterthancomplex.com/tutorial/2018/01/18/how-to-implement-multiple-user-types-with-django.html
Solution 2:
- Creating 2 django projects. One for each user model since both accounts cant share password. The reason for separating into 2 projects is because resources such as session,login, logout will not be shared. So each portal(admin,customer) has their own resource.
A create Customer API to allow admin to create a customer account in customer django project.
A shared db to share related data
This is the only way i can think of to handle the use case. Please let me know if anyone has a better idea to handle this.
Try setting the username field to the email first, if you want the user to log in via email, otherwise remember that the username is how the user logs in. Next, create a profiles app. In this app, create a profile model that will have an OneToOne relation with the Django user model (You can call the profile model via. user.profile). In this profile model, you can create a Boolean Field that distinguishes between a customer and an admin. This way when the user logs in, you can check there profile and render the appropriate template. Another way you can do this is via the Groups model already built-in, create 2 groups one for admin, and another for the customer, you can have when the customer registers to be set automatically as a customer, and admins only to be created to the Django admin or a separate portal if you choose.
I need to develop a scenario of users and groups in my django application there are three groups
- Admin
- Manager
- Employee
Generally admin is available by creating superuser and I need to create the users for different groups
- Admin can access all the records created by all users
Now my requirement is some users are belongs manager group and some normal users belongs to employee group..
How the associate user belongs to manager group can fetch his own records along with his subordinate user's records from employee group
I'm fully confused to give relation between normal users with an associate user from manager group.
How can I assign some employee users to a manager user?
Just to make sure we are on the same page, you wish to have the following user structure:
An Admin can see EVERYTHING
A Manager can see HIMSELF and all his associated Users
A User can see HIMSELF and that's it
So technically, there's only a relation between Managers and Users
Assuming your Admin is not the same as the native admin role from Django, you could setup the following logic:
Extend the User model with a 1-to-1 relation to your custom model. Let's call it Profile.
One of the field in Profile could be the role which would either be Admin, Manager, or User (might want to create a referantial table and use a foreign key)
Another field could be related_manager which would be a foreign key to the user model. It would be a way to say "that user is my manager"
You would need to add specific control in your model, notably:
related_manager is required (or optional?) if user is "User".
related_manager is forced to None if user is not "User"
related_manager must be a user with 'Manager' role
You'd probably have to setup signals to handle "What happens when a Manager, who had users to manage, becomes a basic User?" Do these users become manager-less? Or maybe you prevent it from happening, and a manager can only be demoted once he has no user attached? It all depends on what you want
Note that this is one of many ways to deal with your situation
We have merchants with campaigns in our project. Currently, we - as superuser - manage all merchants' campaigns. However, some merchants require access to campaign management so that they can control the process and set new campaigns themselves.
There is a possibility to create the second admin site and set permissions so that only merchants can log in. However, what we need is - to filter only the campaigns owned by logged in merchant and also, when creating a new one the merchant_id should be prefilled and readonly.
Is it possible to do it using the second django admin site or should I create a special frontend interface for this purpose? Is it possible to set permissions per user-object pair (in django admin)?
Edit: I found django-guardian https://github.com/django-guardian/django-guardian/blob/devel/README.rst that should be able to do what I need.
I am working on a project which needs a separate admin interface. The django admin interface is for the super super user, there will be companies who will sign up for our app and then they will have their own admin interface. Everything is set and done despite the permission. We want model level permission that's what Django provides.
What I did is:
class CompanyGroup(models.Model):
name = models.CharField(max_length=254)
permissions = models.ManyToManyField(Permissions)
Now this list all the permissions of the site itself. So, Should I start working on my own permission app or I can modify django Permissions to provide object level permissions for only some models.
Thanks
Try one of the several existing 'row level' / 'per object' permissions apps for Django:
http://django-guardian.readthedocs.org/en/v1.2/
http://django-object-permissions.readthedocs.org/en/latest/
...there are probably others, those are just the first two in Google
We are using django-guardian in current project at work, seems fine.
I am assuming that you need to control access to sub-sets of each model's objects, depending on which company the current user belongs to (i.e. you don't want people from Company A to see items from Company B). For this reason you need row level permissions.
You probably also need to limit the permissions of all 'company users' to only certain actions:
You do not need to create a CompanyGroup class.
Instead just enable the admin site, log in as super user and create a django.contrib.auth.models.Group which contains the global permissions applicable to company users.
then ensure when you create any new company user logins that they are added to that Group
In my Django app a user can register to the site and receive staff_user privileges from the admin.
After that the staff user can create and manage some other users (normal users) using default django admin site.
Now, I would like to let the staff user see and manage only the users he created from the admin site, I don't want him to see other users created by another staff user.
how can I do that? I imagine I need to modify admin.py right?
Don't modify the admin site.
In general, you have the following tools available:
Create groups
Add users to groups
Create custom permissions on your models, to indicate certain actions
https://docs.djangoproject.com/en/1.4/topics/auth/#custom-permissions
However, what you are asking: Now, I would like to let the staff user see and manage only the users he created from the admin site is not possible in django-admin.
The Django-admin site is only intended as a glorified development tool for fully trusted users, not as a customizable app for end users.
If your project requires an admin site with any of the following ...
Customized administraion functionality.
Exposure to any user that is not completely trusted.
... then I'm afraid you have to create your own custom app.
You can replace the stock UserAdmin with your own which overrides queryset() and does the filtering. The bigger issue is what to filter by. The default User model does not store a "created_by" in the model instance. So you would need to add this information whenever a User is added.
How best to do this depends on your Django version.
Django 1.5 introduced a "Configurable User model" which makes this very easy.
https://docs.djangoproject.com/en/dev/releases/1.5/#configurable-user-model
In earlier versions you would either have to monkeypatch the User model, or store that information in a separate "user profile" attached 1:1 to the User.
https://docs.djangoproject.com/en/dev/topics/auth/customizing/#extending-the-existing-user-model
Regarding the trusting of users (which wasn't a topic but I feel the need to comment on thnee's answer) in the Django admin, check out the links in my answer here: Should I use Django's Admin feature?