so i have a many to many relation between my own Role model and the django auth permission model, the thing is, i tried to get all permissions associated with a specific role like this role.permisos (permisos being the many to many atribute), it works ok.
Now, im looking forward to add that queryset to a form, but before that i tried to filter some permissions i don't want the user to see
i did role1.permisos.exclude(name="Can change somethings") (being role1 an instance of role) but it just dosn't work
If you're working with a template, add it to your context. If it's a class-based view, override the get_context_data method.
You can also do it overriding the get_initial_data method.
Related
For example I create permission like this:
Permission.objects.create(name='Can add',codename='can_add',content_type=1)
Now if I want to apply this permission in some view I need to use permission_required decorator like this
#permission_required('app.can_add', raise_exception=True)
def some_view(request):
...
Here I need to exactly match the permission code_name in the decorator in order to apply the permission .
But what if admin(not developer) created new permission with different codename than the codename which is used in a view? We should go manually to the code and edit the codename ? Or is there any better solutions?How can admin apply the newly created permission in the view without manually going in the code?
I am thinking it from the normal user perspective, after we gave the project to the client.How can he/she manage such things?
Note:I am not using django default admin panel
Simple answer: creating custom permissions via the admin doesn't make any sense indeed since the code won't know anything about those permissions (and the permissions don't know anything about your code either FWIW).
If your app needs custom permissions, you create them via code (ie in a migration), and deploy them together with the code that uses them. Then the admins can assign those permissions to selected users or groups as they see fit.
For my application I need to do extra operations when a model is saved via form. In practice, I need to add a value in another model if certain conditions are present in the form.
To do this I have two options, but I want to understand the pros and cons of both.
Use the post_save signal
Overwrite the save_model method in admin.py, since it is said in the documentation that "Overriding this method allows doing pre- or post-save operations."
I currently use the latter in this way
def save_model(self, request, obj, form, change):
#some pre save operations....
#this call the save model method
super(MyModelAdmin, self).save_model(request, obj, form, change)
#some post save operations...
and it works
But what I want to understand is:
For what I must do, what are the differences between the two approaches and what is the most correct.
Is the save_model method related to the use of the admin interface? What happens if I use another frontend different from Django's admin?
In general, what is the difference between doing pre and post save operations overwriting save_model and using signals?
I think you got it right. And this might help you to understand the difference.
save_model method from ModelAdmin called when you are trying to create or update something from django admin only but signals are triggered regardless of place where actions happened. Which means pre or post operations in save_model method won't work if you change model from somewhere outside of django admin but signals will work for both from outside of admin views and from your custom written code blocks.
If possible i would prefer to add signals over overwriting the save_model. Signals allow certain senders to notify a set of receivers that some action has taken place. They're especially useful when many pieces of code may be interested in the same events. Also it is like event driven programming paradigm. That helps to make code organize and clean.
Let us take a rather regular example of the process. We want to register a new user and we also have created a profile model that we want a user's profile saved only when valid User information is saved.
We can create a new User in the Django's admin and use the saved_model method in the ModelAdmin to save other parts of the form to the Profile model. This is the "normal" way of doing it. But using this way, you can only access the User and the Profile from the Django Admin panel. A "User Registration" form outside of the Django Admin would not work since the User would have to be registered to access Django Admin controls.
But using the post_save signal, a new User and Profile can be created and updated whether you use the Django Admin panel or a custom form that saves to the User and Profile models.
Therefore using signals is the most flexible but you will now have to make sure you have a way of validating the information coming from the custom form.
While creating a custom user model I saw these two methods:
has_perm()
has_module_perms()
Also I encountered these two methods when I tried to create Custom Permsion in django-rest-framework.
Could someone please help me understand what they are and exactly where or how can I use them?
These methods are covered in the Django docs.
has_perm checks whether the user has a specific permission, for example:
user.has_perm('polls.can_vote')
has_module_perm checks whether the user has any permissions for that app, for example:
user.has_module_perm('polls')
I am using django admin site to let people manage database easier.
For some reason, I want to hide some data from some user.
Let's say I have a model named Book and there are a lot of books in database. I want different user has the different scope of books he can view.
How would I do that?
I am thinking about permission. Is that possible to set the permission to filter the data?
I know how to create permission according to a specified model. However, after that, how do I suppose to use that permission? I believe I may need to override part of "changelist_view" method under BookAdmin class, right?
Any help would works.
Thanks in advance
Use the queryset method on your admin model. Something like:
class BookAdmin(admin.ModelAdmin):
def queryset(self, request):
return super(BookAdmin, self).queryset(request).filter(owner=request.user)
Obviously the filter will vary depending on your book model, but this is the general idea.
Django's databrowse is very different from the rest of django in that the docs literally don't exist. Has anyone tried to do more that databrowse.site.register on a model? Any code examples?
In particular, I've got a model that has a ForeignKey to an auth.Group and I want databrowse to use this queryset instead of .all():
qs = Model.objects.filter(group__in=request.user.groups.all())
Bonus points for making it possible to have a button that does stuff with the current object (edit/delete/clone/etc). I basically need a simple way to browse and edit rows without giving users access to the admin.
It'd be even better if there was a way to do that on the admin, but I don't want to give users the staff privilege.
There's no way to do this through databrowse. You could try writing a custom Manager for your Model and return the required query set by default.