Whats the difference between DjangoModelPermissions and DjangoObjectPermissions?
I'm still learning Django and DRF and according to the docs, they seems to do exactly the same thing.
DjangoModelPermissions:
This permission class ties into Django's standard django.contrib.auth model permissions.
DjangoObjectPermissions
This permission class ties into Django's standard object permissions framework that allows per-object permissions on models
For the later, it seems like it has something to do with Django’s permission framework foundation which has no implementation. and apparently, django-guardian fills in this gap.
In Django admin, I'm able to assign a Model's CRUD permission to users and groups, so what does the later add?
I'm trying to wrap my head around this permission system. What are the differences and what should I know about them?
DjangoModelPermissions is all about permissions to interact with a database table which are represented as models in code while DjangoObjectPermissions are permissions to interact with individual rows in the table which are model instances in code.
Basically, the object permissions are granular permissions which give access to some rows in a table but can restrict access to other rows in the same table
Related
In a Django Application, I have a model called application.py which is created by a user say "u". I want to list all the application created by the user "u" later, so i may need to add a reference to the model application.py from user.py.
I have one more requirement , as an admin , i need to provide access to any number of users to the same applications. So I assume this can be done with many to many relation.(Since users can access many applications).
Now the question is , is it possible to implement this behavior with user groups ,with one group is responsible for handling one application, so that in a later point of time i can add as many users as needed from the backend to respective groups to manage the same application.?
Which one is better , managing the users using many to many relation with model application.py or relating a group to application.py
and managing users using groups.
There are multiple ways to solve this, but it from a future flexibility point of view this sounds like a Role, Permission and Group relationship:
Applications have a many-to-many relationship to Users through a Membership.
Each membership would point to a Role. That could be hard-coded to start with (just a string like 'admin' or 'viewer').
This way a User can be associated to an Application as viewer or as an admin.
In the future, to add flexibility, you would have a model Role that describes the role (and could be associated to one or more Permission models to list the permissions for each role). So Membership would have a pointer to Role via a ForeignKey.
Check the documentation on extra fields on a many-to-many relationship.
There are also packages that solve this problem, e.g. django-permissions and django-role-permission
I am implementing social-app-django (not the deprecated one; the one that relies on Python-social-auth) with django 1.11 (not using Mongo). My application will need to store and manipulate a lot of data on users other than that which is fetched from their social media accounts at login.
I don't need to fetch or collect any extra data when the user authenticates, but various actions they perform on my site will need to be saved to their user model. I am wondering which of the following approaches is preferred (I've searched extensively online, but can't find a specific explanation of why to use one vs the other):
Create my own user model in my app's models.py (call it MyUser) that doesn't extend anything special, and then add a function in the authentication pipeline that associates the social-app-django user with a corresponding instance of MyUser. Leave AUTH_USER_MODEL and SOCIAL_AUTH_USER_MODEL unchanged.
or...
Create my own user model in my app's models.py, and in the project's settings.py set AUTH_USER_MODEL and SOCIAL_AUTH_USER_MODEL to point to MyUser. Leave the pipeline unchanged. In this case, I was wondering whether someone could clarify what MyUser and its manager should extend, and what I need to import in modules.py (I am confused because a lot of stack overflow posts are referring to deprecated versions of this module and I keep getting errors). Also, in this case should I be setting both AUTH_USER_MODEL and SOCIAL_AUTH_USER_MODEL, or just one of them?
Do these two methods essentially achieve the same thing? Is one more reliable/preferred for some reason? Or, should I be doing both? Thanks very much for any assistance.
Another detail: I would like to be able to access the User database not only from the app I am currently building, but also from other apps (within the same Django project) that I will build in the future. Does this affect anything?
Since I see this has a decent number of views I will post the solution I eventually came to.
Both django and social-app-django (or any other social auth module) make use of the default User model for authentication. While it's possible to edit this model to add custom parameters, I don't recommend it. It's not good abstraction or modularization. If you make a mistake when configuring the model, you won't just break a specific feature on your site, but you might also break the authentication itself.
The only circumstances I can think of under which you'd want to edit the default user model itself is if you need to make changes that affect the authentication flow itself (for example, adding your own custom authentication provider).
It's much easier and safer to create a new model called UserProfile, with a required one-to-one relationship to a User object. Now, you can treat the User object as the authentication part, and the UserProfile object as the content/storage part. You won't have to mess with the User model very often, and the UserProfile model doesn't matter for authentication purposes. Note that in this configuration you should NOT need to change the AUTH_USER_MODEL or SOCIAL_AUTH_USER_MODEL fields in the settings.py file.
If you take this approach, you will need to add a custom step in the authentication pipeline in which you create a new UserProfile object and associate it with the User who is currently logging in.
I have a 'Document' model which has many-to-many relationship with User model.There is a separate web page in my project which displays the Document instance in a text editor.
Now suppose user who created one document wants to invite other users to this document.But he wants to give read-only permission to some and read-write permission to others.
How do I implement this permission functionality in Django?How do groups and other permissions frameworks work in Django?
Django Group and Permission applies on model itself. So for a specific entry of document if you want to give access to user in that case you need to change your schema of Document model. Just add a users_who_can_read=ManyToMany(Users), users_who_can_write=ManyToMany(Users), and at your view.py when a user is trying to load a page just check if he is in users_who_can_read or not.
I think it should solve your problem without much problem.
I know how permissions/groups/user work together in a "normal" way.
However, I feel incomfortable with this way to do in my case, let me explain why.
In my Django models, all my users are extended with models like "Landlord" or "Tenant".
Every landlord will have the same permissions, every tenant will have other same permissions.. So it seems to me there is not interest to handle permission in a "user per user" way.
What I'd like to do is link the my Tenant and Landlord models (not the instances) to lists of permissions (or groups).
Is there a way to do this? Am I missing something in my modelisation? How would you do that?
django.contrib.auth has groups and group permissions, so all you have to do is to define landlords and tenants groups with the appropriate permissions then on your models's save() method (or using signals or else) add your Landlord and Tenant instances to their respective groups.
In my Django project, I would like to add a custom permission to the User model imported from django.contrib.auth.
(Specifically, a permission to allow/deny the user to change their password).
I do understand how to add permissions to my own model, however, I would like the ability to extend an existing model.
Is this possible?
These instructions are a bit outdated, but should give you an idea on how to extend the User model via inheritance, so that you could add any new functionality to the subclass.