Basically I would like to have a permission system like Linux file system. I want to classify the permissions whether the user is in the same group as the owner (creator) of the object.
Example scenario:
User can change objects created by someone in the same group as them.
Group Admins can change and delete any object created by users in their group.
Is it possible to do this with default django permission system? If not, is there a package you could recommend?
I hope I am not missing anything basic in django docs but I couldn't find a way to accomplish this.
Related
I am developing a Django website where I can create groups, where permissions can be assigned. I can also assign groups to users.
There is a simple way to check if a user has a permission:
user.has_perm('app_name.permission_code_name')
What I want to know is if there is a simple way to check if a specific group has a permission (without involving the user at all)?
You can do something like this:
for group in Group.objects.all():
permissions = group.permissions.all()
# do something with the permissions
Or, a better way would be:
group_ids = Group.objects.all().values_list('id', flat=True) Permission.objects.filter(group__id__in=group_ids)
This link may be able to help you further.
In my wen application i mad different login for different person like for HR ,for engineer ,for owner using django user creation form , and authenticate them using Django authentication ,now everything is work very well i am able to add user from the front add
but the problem is that everyone get same power and authority , i can change it from the admin penal but it will not be beneficial for my client/user I WANT ALLOW DIFFERENT KIND OF PERMISSIONS TO DIFFERENT GROUP OF USER(daynamicaliy with using django penal) show How can i do that.
(i'm beginner so its request to all of you to give answer in some detail format)
THANK YOU
If you refer to the docs here, there is already a default system where you can add or remove permissions to a specific group of users. What you should do next is to create different subclasses for different types of users.
So your models will look something like this eventually:
class User(models.Model):
# just keep whatever you had here
# Engineer and Manager will both be subclasses of User
class Engineer(User):
# add whatever permissions you have
class Manager(User):
# add different permissions
In this way, you will be able to apply custom permissions to different groups of people.
I want to build the admin site in a way such that, users in a certain group will be able to perform CRUD operations - to records related to their group only.
Is there a way this can be accomplished?
You can easily use the Django Permissions and Group to create this. As the documentation states:
When django.contrib.auth is listed in your INSTALLED_APPS setting, it will ensure that four default permissions – add, change, delete, and view – are created for each Django model defined in one of your installed applications. Read here
You can then easily create Groups with certain permissions such as assigning only read permission to certain group and R/W to another in the Django Admin. If you need more finer record level access certain third party apps will help you such as Django Guardian or Django role permissions
I have list of users in Sitecore tied to Active Directory. I would like to associate a default Start Url in the User Profile for particular Roles instead of setting them manually per user. I am unable to find a configuration in the Security Tools section of the Desktop nor in the configuration files. Is it possible to accomplish this? If so, how?
The answer is to create a custom profile it seems and assign a default value specifically for a text field named "StartUrl":
http://digital-learnings.blogspot.com/2015/02/customising-experience-for-sitecore-ad.html#.VXcH3UadqW4
As far as I know, there are 3 permission levels available to use in django (whether by django itself or by using 3rd party apps).
1) Model-based permission
2) Object based permission
3) Row-based permission
It would be great if you tell me the exact differences between these 3 levels of permission system.
Not sure where you got that info, but it's not even remotely correct. Django technically doesn't have any permission system. The auth contrib app adds a system of "permissions" but it's optional and could be replaced entirely with something else. The admin app (also a contrib package, and optional) uses auth, so if you're talking about the Django admin, or using the auth package with your own app(s), then we can talk.
In auth, you have Users, Groups and Permissions. Users come in either "superuser" or "regular" user flavors, and every model in your project gets three Permissions automatically when you run syncdb (with auth included in INSTALLED_APPS): can_add, can_change, and can_delete. Users marked as "superusers" (is_superuser == True), can take any action on any model. Other users need to have Permissions explicitly assigned to them. Further, Groups may have Permissions assigned to them, and then, any User assigned to that Group inherits those permissions.
So, a user could have no ability to do anything with any model, some combination of add, change or delete capability with some or all models or complete access to do anything with any model. There's no concept of "object-based" permissions, in the sense of an "instance". You can either either edit every instance of an model or none. There's also no concept of "row-based" permission. A row in the database table is merely an instance of the model, anyways.