I have been following along with the django tutorial and have Polls appearing in the administration panel of the site.
Additionally, I have, using django-registration package, created a way to allow a user to login and register a new account.
How do I grant this user permission to create objects in the Polls such that appear in the admin panel of the website?
Also, these users will not be staff so they will not be able to log in to the administration portion of the website. Is there a way to create Poll objects in a form?
Also, these users will not be staff so they will not be able to log in to the administration portion of the website. Is there a way to create Poll objects in a form?
This is literally what you do on page 4 of the django tutorial. Finish the tutorial, and you will answer your own question.
https://docs.djangoproject.com/en/dev/intro/tutorial04/#write-a-simple-form
Related
I'm building an app for someone, one of its function is it allowers the owner to upload blogs to the website.
So i'm wondering if i should create a page for uploading blog or just give him staff permission so he can create and upload it through django's admin panel.
I want to know if this is safe or if it will be worth it to create a front-end template for just one person to use.
It all depends on a lot of things but I will say my opinion on some scenarios:
best practices: ya for sure you have to create a full template page with decorators that allow only staff account to access just like the admin, also don't ever depend on the admin panel even if you wanted a dashboard for an admin just create customized admin template, also some developer just remove the default admin panel on deploy, or may be make the end point of the admin panel instead of '/admin' they make something like that 'SAF#saf$%OIL>$/' to hide it for security
If it works leave it : if we are talking here on simple ecommerce app ya its fine just make a staff account for the owner so he could access the admin panel its fine
if you want to add permissions to the owner account use groups and add the account you created for the admin to this group then go to groups table and add what table should users of this group have access to it's totally fine
only make a customized admin panel when you need more functionality and visualization
I am working on Django and I create my Custom Admin Panel, But I want the same functionality of permission like as Django Default admin Panel. I create functionality for the Blog model in my Dashboard, if I log in as a super-admin and I give Normal User to blog view only permission then Normal user should not access add and edit access on my dashboard, Currently normal user also can access add and edit access on the admin panel which I developed.
I added the functionality for Admin and Normal User, if a user is admin then he can access my dashboard otherwise he/she will re redirect on the homepage.
But my problem is, how I can create permission-based functionality on my dashboard, I will give permission from Django default admin panel.
Please let me guide, Does I need to create the same URL's like Django default admin panel or there is another way to solve this issue. it's a very big problem for me please give me the correct solution.
please send if you have any documentation or solution for this.
We have merchants with campaigns in our project. Currently, we - as superuser - manage all merchants' campaigns. However, some merchants require access to campaign management so that they can control the process and set new campaigns themselves.
There is a possibility to create the second admin site and set permissions so that only merchants can log in. However, what we need is - to filter only the campaigns owned by logged in merchant and also, when creating a new one the merchant_id should be prefilled and readonly.
Is it possible to do it using the second django admin site or should I create a special frontend interface for this purpose? Is it possible to set permissions per user-object pair (in django admin)?
Edit: I found django-guardian https://github.com/django-guardian/django-guardian/blob/devel/README.rst that should be able to do what I need.
In my Django app a user can register to the site and receive staff_user privileges from the admin.
After that the staff user can create and manage some other users (normal users) using default django admin site.
Now, I would like to let the staff user see and manage only the users he created from the admin site, I don't want him to see other users created by another staff user.
how can I do that? I imagine I need to modify admin.py right?
Don't modify the admin site.
In general, you have the following tools available:
Create groups
Add users to groups
Create custom permissions on your models, to indicate certain actions
https://docs.djangoproject.com/en/1.4/topics/auth/#custom-permissions
However, what you are asking: Now, I would like to let the staff user see and manage only the users he created from the admin site is not possible in django-admin.
The Django-admin site is only intended as a glorified development tool for fully trusted users, not as a customizable app for end users.
If your project requires an admin site with any of the following ...
Customized administraion functionality.
Exposure to any user that is not completely trusted.
... then I'm afraid you have to create your own custom app.
You can replace the stock UserAdmin with your own which overrides queryset() and does the filtering. The bigger issue is what to filter by. The default User model does not store a "created_by" in the model instance. So you would need to add this information whenever a User is added.
How best to do this depends on your Django version.
Django 1.5 introduced a "Configurable User model" which makes this very easy.
https://docs.djangoproject.com/en/dev/releases/1.5/#configurable-user-model
In earlier versions you would either have to monkeypatch the User model, or store that information in a separate "user profile" attached 1:1 to the User.
https://docs.djangoproject.com/en/dev/topics/auth/customizing/#extending-the-existing-user-model
Regarding the trusting of users (which wasn't a topic but I feel the need to comment on thnee's answer) in the Django admin, check out the links in my answer here: Should I use Django's Admin feature?
Im developing a google app engine and django based site and i'm tring to figure out what's
the best approach to solve the problem, the site requirments are as follows:
There must be a super administrator who's only task is to create second level administrators and assign them to a group.
Second level administrators can create regular users and those users are assigded to the same group from the admin that created them.
Regular users don't do much besides login and logout.
I've been reading and i think i can solve 1 with the (login: admin) GAE feature for app.yaml.
I don't want to use google accounts neigther openid because second level admins are
the only allowed to create users.
For 3. Is it possible to use django session utility to handle regular users ?
I'd appreciate suggestion for a particular point or the whole thing.
For 1:
login:admin in app.yaml will prevent users that are not associated with your GAE project from visiting that URL or set of URLs. Any user associated with your GAE production project is an admin. You can create additional filtering inside the application by confirming the username that they are currently logged in with.
from google.appengine.api import users
user = users.get_current_user()
email = user.email()
For 3:
I am not sure, we ended up rolling our own.