I want to be able to efficiently find all users with a particular permission and then among those users find all users who have a particular flag (I extended the base User model and created my own, which has the flag). I was wondering what is the easiest/most efficient way to do this? I was reading the below (among other sites):
How can I get all objects a user has specific permissions to in django guardian?
But they don't seem to be helping in my situation. Please let me know if there is an article I missed, thanks!
[EDIT]
I read the following page:
http://digitaldreamer.net/blog/2010/5/10/get-all-users-group-django/
Basically I want to get all users who have a particular permission AND who have a certain flag. Right now I can do: User.objects.filter(organization_id = id) to get all users within a particular organization as per my code. But within that list, I want all users who have a particular permission.
I asked a question related to django-guardian and answered it myself after much research. I believe you should be able to find your answer here: Django Groups and Permissions. Extending Groups to have a FK?
UPDATE
You could do something like this:
# Collect the users in the organization who hold the permission.
user_list = []
for user in User.objects.filter(organization_id=id):
    if user.has_perm('PERM NAME'):
        user_list.append(user)
See this link for more details: http://packages.python.org/django-guardian/userguide/check.html
You could do it as mentioned above. But by chaining filter statements, it is also possible. I referred to this other question: How to get a list of all users with a specific permission group in Django. By chaining both filter statements, I can get all users with a permission and all users with the certain organization_id.
Related
I am using allauth for registering users and I would like to give permissions to users automatically after they created a local account or using social login.
A good example would be only 1 user to be able to create posts and comments whilst the rest of the users to be able to only create comments.
Looking around I have seen that you can create Groups and through those you can give certain permissions, is this the right way to handle this? Or are there some better avenues worth exploring?
Many thanks.
I am new to Django. I want to edit the default user auth_permissions. More precisely, I want to add an integer field in addition to the "label" and "code" features to distinguish permission types (like strong, moderate, etc.). So far I could not find anything like this. I tried to make custom permissions, but could not add them to the permission database. Could anyone help me?
Per Object permission
When I first got into Django I also tried relying on the permissions framework within Django. I also found the permissions were too broad and inefficient, which led me to research django-guardian. I tried to submit an edit to the Django project itself to add more object-based permissions, with no success; they said per-object permissions were too personalised for the framework.
The thing is, after getting to work in the industry I realised how people do these permissions in the industry (which honestly was something that bugged me): they mainly create custom login middlewares to keep track of authentication types and add the checks in the view itself. So basically you will have to check in the view who the user is and if you want to give them permission to whatever.
When in MIT, they kept asking me to make some weird permissions, and I created a table called ExtraordinaryPermissions; this had a ForeignKey to the user and could be used to check within the views what objects the user had access to.
It is troublesome, but per-object permissions are handled this way in the industry.
Good luck.
Is it possible to get the following information using Facebook Api:
Does the user belong to a specific group?
Has the user posted a certain news on their personal page?
If so, which methods should be used and which permissions will be required? Thanks in advance
Does the user belong to a specific group?
Theoretically via https://developers.facebook.com/docs/graph-api/reference/user/groups/ - but not sure what permissions that would actually need; docs say, “Returns an empty data set if the User is not a member of a Group, or has not granted the app any Group-level permissions.”, but the only permissions left with “group” in their name currently are groups_access_member_info and publish_to_groups - you’d have to test if either of those work for this purpose.
Has the user posted a certain news on their personal page?
You can only go through their posts, and then look at the content to see if it matches what you are looking for; there is no way to search for specific keywords, links or anything like that. Requires permission from the user to access their posts of course.
(But if you think of using that to force users to post a certain thing to get access to any content, or reward them in any way for posting something specific, please be aware that that is absolutely not allowed. https://developers.facebook.com/docs/apps/examples-platform-policy-4.5)
I am building a website where you can keep your private portfolio, logs, etc using Django.
All the courses and documentation I have come across so far give all users the possibility to view all entries made by all users (e.g. blog, posts etc.). However, I want to restrict any user from viewing & READING other users' data.
How can this be best achieved? Is there an extension available? I know that django doesn't have row-level permissions, but there are extensions for that available such as Django-rules.
In my case, however, I want to restrict a user from viewing other users' data. In other words, a user can only see his/her portfolio and is also not in any way able to CHANGE, UPDATE, or DELETE any entries which are not his/her own.
I found that django-guardian does the job.
I'm working on a Django project in which users can post articles and vote on them. But the users are not supposed to vote on their own articles. Currently I'm using the permission system with django-guardian. My idea is to grant a kind of 'anti-permission' so that only the author can't vote on their own articles.
My reasoning is that in this way all the permissions can be handled in a unified protocol, separately from view functions (instead of putting conditions inside them). And if future requirements like this come up, they can be handled elegantly.
But it does not look semantically right to use "permissions" in this way. Just wondering if there's a better way of doing it?
Thanks for your help! :)
Write a manager that takes the context and then returns a list of objects that the user can vote on.
Use this manager in your view.