I have two classes User and Groups. User has Many To Many relation to Groups.
User extends BaseUser (which has some mappings) and Group extends BaseGroup (also with mappings). BaseUser has no #OrderBy annotation for Groups. Question is: what is the annotation I should add into User which will allow me to override #OrderBy?
PS: BaseUser and BaseGroup are located in a third party's bundle. I am unable to edit them.
Related
What is BaseUser in Django? Why is it used?
What role does it play during the creation of custom user model and why attributes it present?
BaseUser is the base class for every Django user class. Also, BaseUserAdmin is inherited from BaseUser.
I have a model named Customers(username,password ..etc) and also a model named User(username,password...etc).
I want to create two different APIs with different authentication.
One should authenticate with the User username,password
and the second should authenticate using the Customers username,password.
Any idea on how can I do this?
Thank you!
I suggest the following options:
1.
I am assuming User model is the "real" user of your app. If this is true use the django's default User model class. It will work out of the box.
For the Customer model, make it inherit from AbstractBaseUser, this will give you password functionality out of the box and you can add other fields as per your need.
Now you can create 2 different urls for login. 1 url for user which checks in the User model and the other for the customer model. This avoids any confusion for everyone.
If you prefer a single url, you have to mention the model class along with username and password to know in which table to verify them.
2.
Create two profile models: UserProfile and CustomerProfile
Each will have a one to one relationship with the django's default User model.
Basically a User can have the profile of a "real" user or of a customer.
In this case when you are creating any User you have to check if you want to attach a UserProfile or a CustomerProfile.
In this case it makes sense to just use a single login url. From the user's login information you can first fetch the user from the User table and then check if it is a customer or not by running a query in the CustomerProfile table.
I recommend you to use the django.contrib.auth.user class for your classical authentication. You can either inherit from that class or add a OneToOne relation to your own model as follows
    from django.contrib.auth.models import User
    from django.db import models

    # Profile model linked one-to-one to the built-in auth User
    class YourUser(models.Model):
        user = models.OneToOneField(User, on_delete=models.CASCADE)
For the rest of your question you should add some more details and even some pieces of your code.
I have followed a few tutorials and starting to understand the syntax.
I am trying to build a real world working application - a marketplace (like an AirBnB).
Users type 1 can sign up and list their booking available for rent.
User type 2 can add the details of their item they are booking in
Visitors can browse available bookings for rent.
Admin - superuser access
Should I create 2 user models (seller_user, buyer_user)? Or have 1 User model and define roles differently using CanCan or similar?
What's the best Rails way to do this?
One possible solution is to make the User class be used only for login and the user would belong to a Renter or Tenant via a polymorphic association, as in:
    class User < ActiveRecord::Base
      belongs_to :identifiable, :polymorphic => true
    end
If you don't know what polymorphic associations are, you should read this tutorial.
This code would be used like this:
    # Look up the tenant and attach it to a new login record
    tenant = Tenant.find(1)
    user = User.new
    user.identifiable = tenant
    user.save
So, your Tenant or Renter is going to be related to one user, the :identifiable field is a relationship (a polymorphic relationship) to another object.
With this a user could use this identifiable association to be a Tenant or a Renter and your SessionsController would be reused for both of them (and all the authentication logic too, since it would live inside of User and not these other classes).
Add a roles column to User table.
rails g migration AddRoleToUsers role:string
Then use Cancancan gem.
https://github.com/CanCanCommunity/cancancan
Read cancancan readme.
You can set what access Users have with the ability.rb
    class Ability
      include CanCan::Ability

      def initialize(user)
        user ||= User.new # guest user (not logged in)
        if user.admin?
          can :manage, :all
        else
          can :read, :all
        end
      end
    end
The above shows that a user.admin? can view the full crud of any model. If you're not admin you can only read any model.
You might want to use active_admin gem to control the app on the backend.
Have fun!
Use case:
"I have the standard user model that has a Userprofile model that contains, among others, the field region that is a ForeignKey to the Region model.
Users can be in permission groups that are standard for Django.
In the django-admin user model page the user kalle in the site-admin group can see all users. The user pelle in the regionA1-admin group can see all users who have their userprofile region set to regionA1."
What is the best practice in django to handle this use case in a secure way?
And it could be other models than User. Regions can be added and deleted. Region is used in this case but could be one or more fields that form the criteria. This shall only apply to the django-admin interface and not when interacting with the database on the regular site.
I'm looking for a way to implement exclude filter in django admin list view.
The case is the following:
In django admin I have a list of model instances, and I need to be able to show only instances that do not belong to some user, for example (the user is the FK in the described model).
Is there any solution for this case?
You can always make your own filter. See an example here.