In django-admin, we have 3 rules that we can attribute to a table we can add, modify and delete. When you choose for an user the rule of modify, he can't add and delete.
My problem is that a have list of object and I don't want that the user be able to modify but only choose.
How I can disable it?
It's complicated.
django-admin as the name suggests is intended for admins, who should be able to edit, delete and make new tables.
Maybe this topic will be helpful for you:
https://github.com/lambdalisue/django-permission/issues/67
View permissions in Django
Related
I'm looking for a way to make my own system of groups and permissions in Django. I know that Django by default brings a system of groups and permits, but in my project due to teacher requirements I had to create my own models.
You can create new groups and add permissions to those groups, but since they are not the default models of django I cannot use the template-level functions such as 'perms.car.add_car' for example. What I mean by this? That at the template level, I don't know how to validate if the user has the permission. I hope I have explained myself well, I await your answers and thank you in advance!
You should be able to access the current user's attributes from templates with {{user.some_attribute}}.
You can extend the default django.contrib.auth.models.User class with a one-to-one relationship with a CustomUser class you create, and access it from template the way described above, meaning:
{{ user.one_to_one_custom_user_field.some_attribute }}
For more info about extending User look at the docs.
In this CustomUser class add as you see fit:
functions for interacting with the user group classes you created and verifying whether current user is in them or not, or has the right permissions
flag variables (or any other indicative attribute) to indicate the user's groups and permissions.
Use one of these options as the some_attribute accessible from template.
I am implementing social-app-django (not the deprecated one; the one that relies on Python-social-auth) with django 1.11 (not using Mongo). My application will need to store and manipulate a lot of data on users other than that which is fetched from their social media accounts at login.
I don't need to fetch or collect any extra data when the user authenticates, but various actions they perform on my site will need to be saved to their user model. I am wondering which of the following approaches is preferred (I've searched extensively online, but can't find a specific explanation of why to use one vs the other):
Create my own user model in my app's models.py (call it MyUser) that doesn't extend anything special, and then add a function in the authentication pipeline that associates the social-app-django user with a corresponding instance of MyUser. Leave AUTH_USER_MODEL and SOCIAL_AUTH_USER_MODEL unchanged.
or...
Create my own user model in my app's models.py, and in the project's settings.py set AUTH_USER_MODEL and SOCIAL_AUTH_USER_MODEL to point to MyUser. Leave the pipeline unchanged. In this case, I was wondering whether someone could clarify what MyUser and its manager should extend, and what I need to import in modules.py (I am confused because a lot of stack overflow posts are referring to deprecated versions of this module and I keep getting errors). Also, in this case should I be setting both AUTH_USER_MODEL and SOCIAL_AUTH_USER_MODEL, or just one of them?
Do these two methods essentially achieve the same thing? Is one more reliable/preferred for some reason? Or, should I be doing both? Thanks very much for any assistance.
Another detail: I would like to be able to access the User database not only from the app I am currently building, but also from other apps (within the same Django project) that I will build in the future. Does this affect anything?
Since I see this has a decent number of views I will post the solution I eventually came to.
Both django and social-app-django (or any other social auth module) make use of the default User model for authentication. While it's possible to edit this model to add custom parameters, I don't recommend it. It's not good abstraction or modularization. If you make a mistake when configuring the model, you won't just break a specific feature on your site, but you might also break the authentication itself.
The only circumstances I can think of under which you'd want to edit the default user model itself is if you need to make changes that affect the authentication flow itself (for example, adding your own custom authentication provider).
It's much easier and safer to create a new model called UserProfile, with a required one-to-one relationship to a User object. Now, you can treat the User object as the authentication part, and the UserProfile object as the content/storage part. You won't have to mess with the User model very often, and the UserProfile model doesn't matter for authentication purposes. Note that in this configuration you should NOT need to change the AUTH_USER_MODEL or SOCIAL_AUTH_USER_MODEL fields in the settings.py file.
If you take this approach, you will need to add a custom step in the authentication pipeline in which you create a new UserProfile object and associate it with the User who is currently logging in.
I have a 'Document' model which has many-to-many relationship with User model.There is a separate web page in my project which displays the Document instance in a text editor.
Now suppose user who created one document wants to invite other users to this document.But he wants to give read-only permission to some and read-write permission to others.
How do I implement this permission functionality in Django?How do groups and other permissions frameworks work in Django?
Django Group and Permission applies on model itself. So for a specific entry of document if you want to give access to user in that case you need to change your schema of Document model. Just add a users_who_can_read=ManyToMany(Users), users_who_can_write=ManyToMany(Users), and at your view.py when a user is trying to load a page just check if he is in users_who_can_read or not.
I think it should solve your problem without much problem.
As you know, when give a can_view permission to a staff user, that user can view entire fields and able to make changes in any fields if editable.
Is there any feature in Django to make some staff users to restrict to view change list but can't get in to record. I just want to make them use only actions in change_list that if I give specific permissions. Otherwise they must just see the list without doing anything.
I know there are options like customizing django admin template or override any admin template. But it takes to much time. I wonder if there is any solution without customize or override.
I have been developing modules in OpenERP-7 using Python on Ubuntu-12.04. I want to give my users a feature by which they will have the ability to create what ever fields they want to . Like they will set the name, data_type etc for the field and then on click , this field will be created. I dont have any idea how this will be implemented. I have set up mind to create a button that will call a function and it will create a new field according to the details entered by the user . Is this approach of mine is right or not? And will this work . ? Please guide me so that I can work smartly.
Hopes for suggestion
The user can add fields, models, can customize the views etc from client side. These are in Settings/Technical/Database Structure, here you can find the menus Fields, Models etc where the user can add fields. And the views can be customized in Settings/Technical/User Interface.