I am looking for the best way to implement user permissions to allow users to edit specific model instances.
For instance, I have such two models:
model RadioChannel(models.Model):
name = models.CharField(max_length=150, unique= True)
number = models.IntegerField( unique= True)
model ProgramSchedule(models.Model):
channel = models.ForeignKey("RadioChannel")
name = models.CharField(max_length=150, unique= True)
start_time = models.DateTimeField()
Now my Operators are my build-in Django users. I want to make groups for these users so that they can only add/remove/edit ProgramSchedules that are allowed. In addition I want to add groups to these users to the admin panel.
Thanks.
You are looking for an object permission implementation. A good comparison is here:
http://djangopackages.com/grids/g/perms/
Shameless plug:
Heres my fork of a very popular per-object permission app: http://github.com/azizmb/django-authority
If I am getting you correct, what you need to implement is called row level permissions in Django. Have a look at this if it helps. http://code.djangoproject.com/wiki/RowLevelPermissionsDeveloper
I would recommend using Django Guardian for object-level permissions.
Related
In this django project I have two separate applications that I need to keep user account information separate. For example, if a person creates an account for app A, I need them to be able to make a separate account (with the possibility of using the same unique email for account creation) for app B. At this moment in time, it seems as though there is no way for me to handle having two separate auth models for two separate users. I am wondering what the django workaround for this might be, or if I am misunderstanding the problem in some way?
Here is an example user model that would work for both application A and B, but would need separate tables or models for authentication and account creation:
class GenericUser(AbstractUser):
"""abstract user class for user authentication"""
firstname = models.CharField('First Name', blank=True, max_length=100)
lastname = models.CharField('Last Name', blank=True, max_length=100)
email = models.CharField('Email', unique=True, max_length=100)
class Meta:
permissions = (
("some-permission", "some-description"),
)
First I tried creating two separate user entities in the models.py file in my django project, however when I finished doing this, there was nowhere to put the second user model in the settings.py folder. This is where I am stuck now.
May be you are looking for this .. django support multiple authentication model. in order to do this you need to create a custom authentication backend by inherit from 'django.contrib.auth.backends.BaseBackend' (you can specify different user model there, I think ) and specify the authentication model in the settings.py of the project.
For more information. check this doc
I am creating my first Django (ver 3.1) website which is simply a blog with a home page and store page. I want to create custom user groups that define specific roles (with unique permissions) for my blog.
These groups are:
Reader - anonymous viewers and new accounts; has read permission for all content only
Author - login required; has read and create permissions; edit and delete permissions for own content only
Moderator - login required; has all CRUD permissions for all content
Admin - login required, has all permissions (superuser)
All new users by default are in the Reader group. Author would either be assigned manually or eventually by an online form application to determine eligibility. Moderator and Admin would of course be manually assigned.
I am approaching this with possible future development, such as allowing user groups to be easily extended to other website pages. For example, a 5% discount for Author users applied to all store items, etc.
Which approach to creating user groups would be best for my situation? I have seen it done within the Django Admin Panel and by creating custom User Models via extending the AbstractBaseUser and UserBaseManager classes.
I think extending the AbstractUser model is a good approach. How about something like this?
class CustomUser(AbstractUser):
"Define the extra fields related to User here"""
first_name = models.CharField(_('First Name of User'), blank=True, max_length=20)
last_name = models.CharField(_('Last Name of User'), blank=True, max_length=20)
# - - - Some more User fields according to your need s
class Meta:
permissions = (("can_read_content", "To provide read facility on all content"),
#---------------------
)
Good day to all)
I created a custom user model with custom permissions. I have several projects and their permissions merged into one table('auth_permission'). Is it possible to somehow customize the table itself for these permissions to separate projects?(like db_table = '"schema"."table"' to the models.).Google did not give answers.
class TestUser(AbstractUser):
phone = PhoneNumberField(null=False, blank=False, unique=True)
email = CharField(unique=True, max_length=35, null=False, blank=False)
class Meta:
db_table = '"fyzzys"."users"'
permissions = [
("can_see_payments", "payments"),
("can_see_analytics", "analytics"),
]
UPD: Here is a screenshot that shows the permissions of two completely different projects at the same time from admin panel.
In order to give a user permissions, you will want to add the PermissionsMixin to the User model like so.
class TestUser(AbstractBaseUser, PermissionsMixin):
If you are using the AbstractUser you are actually already inheriting the PermissionsMixin.
The permissionmixin is a model within django.contrib.auth.models. It adds to the user model the following fields (columns in the user table); is_superuser, groups, user_permissions. The permissions mixin allows you to add (and remove) 0..*(many) individual or group permissions to a user.
To add permissions to a user you can then use.
from django.contrib.auth.models import Permission
# The permission needs to exist first.
permission = Permission.objects.get(name='Can view poll')
u.user_permissions.add(permission)
The code for for the django.contrib.auth.models.permissionsmixin can be found following the link.
I would love to have more granular permission in my Django project, but can't decide what app to use.
What I have is something like:
class Item(models.Model):
name = models.CharField(max_length=64, unique=True)
description = models.CharField(max_length=128, default='')
logo = ImageField(upload_to=/tmp, blank=True, null=True)
Now with Django standard permissions I have the possibility to choose between add, change and delete, what I want to have is an extended change permission, to offer the ability to give group rights only to change the logo for example, but disallow that same group to modify the item description. I don't want or need a user to entry relation, but simply give the possibility to different groups to edit single fields of a model using the standard admin interface. I'm even not sure if I am talking about per-object permission?
Does anyone know what's best to use or how I would implement it myself? I could also imagine to have read-only users who can access/read everything but won't be able to modify, this isn't possible neither.
Thanks for any help.
The most flexible but way would be to:
write some custom permissions (i.e. can_modify_descr)
write yur own Forms or ModelForms
write Views to render your specified forms.
finally you'd have to override some django admin templates and render your Forms in templates that extend some standard django admin templates.
As far as I can see this is the only way to achieve what you want, but also requires a lot of work.
One simple way to achieve that is to create many ModelAdmin for the same model (one for each "group"). To do that you need to create one Proxy Models for each "group" like this:
models.py
class Item(models.Model):
name = models.CharField(max_length=64, unique=True)
description = models.CharField(max_length=128, default='')
logo = ImageField(upload_to=/tmp, blank=True, null=True)
class ItemGroup1(Item):
class Meta:
proxy = True
admin.py
class ItemAdmin(models.ModelAdmin):
...
class ItemGroup1Admin(models.ModelAdmin):
readonly_fields = ('logo', 'description')
And then you just need to set the permissions of group 1 to only have access to ItemGroup1, etc.
See this post for more info: Using Proxy Models to Customize the Django Admin
If you want to handle this sort of thing beyond your admin site, take a look at django-logical-rules, where you can write your rules in python and access them from views or within a template;
I want to have django user profile where the user can add some objects (he can add more than one) e.g. his addresses, his products and their descriptions and so on. I've no idea how to do that.
The best way to do this is to extend the user model via AUTH_PROFILE_MODULE. There's a great tutorial (doing part of what you want) on James Bennett's blog.
Create a new model (say UserProfile) with a ForeignKey to the User model.
class UserProfile(models.Model):
address = models.TextField()
products = models.TextField()
user = models.ForeignKey(User, unique=True)