I have a 'Document' model which has many-to-many relationship with User model.There is a separate web page in my project which displays the Document instance in a text editor.
Now suppose user who created one document wants to invite other users to this document.But he wants to give read-only permission to some and read-write permission to others.
How do I implement this permission functionality in Django?How do groups and other permissions frameworks work in Django?
Django Group and Permission applies on model itself. So for a specific entry of document if you want to give access to user in that case you need to change your schema of Document model. Just add a users_who_can_read=ManyToMany(Users), users_who_can_write=ManyToMany(Users), and at your view.py when a user is trying to load a page just check if he is in users_who_can_read or not.
I think it should solve your problem without much problem.
Related
Whats the difference between DjangoModelPermissions and DjangoObjectPermissions?
I'm still learning Django and DRF and according to the docs, they seems to do exactly the same thing.
DjangoModelPermissions:
This permission class ties into Django's standard django.contrib.auth model permissions.
DjangoObjectPermissions
This permission class ties into Django's standard object permissions framework that allows per-object permissions on models
For the later, it seems like it has something to do with Django’s permission framework foundation which has no implementation. and apparently, django-guardian fills in this gap.
In Django admin, I'm able to assign a Model's CRUD permission to users and groups, so what does the later add?
I'm trying to wrap my head around this permission system. What are the differences and what should I know about them?
DjangoModelPermissions is all about permissions to interact with a database table which are represented as models in code while DjangoObjectPermissions are permissions to interact with individual rows in the table which are model instances in code.
Basically, the object permissions are granular permissions which give access to some rows in a table but can restrict access to other rows in the same table
In a Django Application, I have a model called application.py which is created by a user say "u". I want to list all the application created by the user "u" later, so i may need to add a reference to the model application.py from user.py.
I have one more requirement , as an admin , i need to provide access to any number of users to the same applications. So I assume this can be done with many to many relation.(Since users can access many applications).
Now the question is , is it possible to implement this behavior with user groups ,with one group is responsible for handling one application, so that in a later point of time i can add as many users as needed from the backend to respective groups to manage the same application.?
Which one is better , managing the users using many to many relation with model application.py or relating a group to application.py
and managing users using groups.
There are multiple ways to solve this, but it from a future flexibility point of view this sounds like a Role, Permission and Group relationship:
Applications have a many-to-many relationship to Users through a Membership.
Each membership would point to a Role. That could be hard-coded to start with (just a string like 'admin' or 'viewer').
This way a User can be associated to an Application as viewer or as an admin.
In the future, to add flexibility, you would have a model Role that describes the role (and could be associated to one or more Permission models to list the permissions for each role). So Membership would have a pointer to Role via a ForeignKey.
Check the documentation on extra fields on a many-to-many relationship.
There are also packages that solve this problem, e.g. django-permissions and django-role-permission
In django-admin, we have 3 rules that we can attribute to a table we can add, modify and delete. When you choose for an user the rule of modify, he can't add and delete.
My problem is that a have list of object and I don't want that the user be able to modify but only choose.
How I can disable it?
It's complicated.
django-admin as the name suggests is intended for admins, who should be able to edit, delete and make new tables.
Maybe this topic will be helpful for you:
https://github.com/lambdalisue/django-permission/issues/67
View permissions in Django
I'm looking for a way in Wagtail 1.8 to give a specific user edit and preview permissions on a specific page once it's created, so I can create the first version of a document for them and then they can add content, tweak, and preview until they're happy with it. One way to do that would have been to assign ownership of the page to them, but that field is read-only. Error is
django.core.exceptions.FieldError: 'owner' cannot be specified
for ArticlePage model form as it is a non-editable field
I can give the user edit and preview permissions for all documents by assigning them to an appropriate Group (e.g., the predefined Editor role) with the right permissions, but I'd rather avoid that if I can.
This can be accomplished using the stock wagtail permissions (http://docs.wagtail.io/en/v1.8/topics/permissions.html):
Just assign the user to a group of his own (so you need to create a new group) and then give edit permissions to that group for the page you mention. The permissions will propagate down the tree but since there are no children on that page it won't matter. Or you can explicitly don't allow the page to be edited to have children by setting subpage_types = [] to your custom page model.
Probably some of you would tell that is a recurrent topic, but after reading many articles, it still seems very ambiguous to me. My question is about the best way to use and to extend the User model preserving the authentication (and others) mechanisms available in Django. However, I prefer to describe my design:
There are users (Patients) that can sign up providing basic info (first name, last name, birth date, gender, email, password). Preferably, email should replace the username.
When a Patient is in the application, it can register a new Patient (imagine a member of the family), but email and password are not required because they won't log into the system.
For the first part, Django doc propose to extend User with a OneToOne relation to a Profile. However, to replace username by email they propose then to create a custom User extending from an AbstractUser, as well as an associated UserManager. The second requirement is like doing a one-to-many relation from users to users. So, according to Django, which should be the best strategy: creating a completely new user model and the one-to-many user-user adding an specific attribute that distinguish between main users and family members? OR extending Django User with a Profile and then a one-to-many relation profile-profile? Which option preserves the best the benefits of Django user authentication and model administration?
Thank you for any comment, suggestion, example.
First, if you want to use email as username, use the Django custom user functionnality. It works well.
Then, note that it's not because you created your own User that you can't extend it with a Profile.
So, a good solution could be :
Create a Django custom User without trying to add specific fields to it (the one and only purpose here is to use email to log instead of username).
Create a PatientProfile class that have a one-to-one relatioship (blank=True) with User class.
This way, a patient that can log in will be related to a User instance and will use this instance for this purpose. On the other hand, the patient who can't log in won't be related to any User instance.
In the end, there's no problem to use OneToMany relationship with PatientProfile for what's you want to do.