django application with multiple sites - how to restrict access for staff - python

I made a django application recently with multiple settings files, each setting file has its own SITE_ID and each SITE_ID is associated with site_id from the django_site table. Now, I want to create staff for certain sites only and other admins for all sites, how would I do something like that?
best wishes,

Mo - not sure whether you're still looking for an answer for this but this cross-post could be along the lines of what you're looking for.

I'm afraid I have bad news for you: you'll have to implement it on your own. What you can do is implement a new class, say SiteUsers; it can look as follows:

    from django.contrib.auth.models import User
    from django.contrib.sites.models import Site
    from django.db import models
    class SiteUsers(models.Model):
        site = models.ForeignKey(Site, on_delete=models.CASCADE)
        users = models.ForeignKey(User, on_delete=models.CASCADE)  # one row per (site, user) pair

Then you can use a kind of user_passes_test decorator to force access control. I'm not aware of any ready-to-use solution.
Another option would be to use groups. Create a set of groups for each site and sort users into those groups. I think you'll have to have groups like:
site_1_add, site_1_delete, site_1_....
site_2_add, site_2_delete, site_2_....
However, I'm afraid it does not scale so well. You will not find out unless you try.
Anyway, going either way will require a lot of admin customization. I really would need to do some research myself first.
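
One way to write the test function for the `user_passes_test` approach described in the answer above, as an added example that is not part of the original answer. It is plain Python so it runs without Django: `membership_exists`, `site_staff_test` and `make_user` are hypothetical names, the membership set stands in for `SiteUsers` rows, and the users are constructed objects carrying the `is_active` / `is_staff` / `is_superuser` flags of Django's `User`.

```python
from types import SimpleNamespace

# Constructed sample data standing in for SiteUsers rows: (site_id, user_id).
SITE_USERS = {(1, 10), (2, 11), (1, 12)}


def membership_exists(site_id, user):
    """Hypothetical lookup; with the SiteUsers model this would be
    SiteUsers.objects.filter(site_id=site_id, users=user).exists()."""
    return (site_id, user.pk) in SITE_USERS


def site_staff_test(site_id, lookup=membership_exists):
    """Build the callable handed to user_passes_test for one site.

    site_id is the SITE_ID of the running settings file. The check fails
    closed: anything that is not an active staff account is rejected
    before the membership table is consulted.
    """
    def test(user):
        if user is None or not getattr(user, "is_active", False):
            return False              # anonymous or disabled account
        if getattr(user, "is_superuser", False):
            return True               # the "admins for all sites" case
        if not getattr(user, "is_staff", False):
            return False              # a membership row alone is not enough
        return lookup(site_id, user)  # staff only on their assigned sites
    return test


def make_user(pk, **flags):
    """Constructed user with the flags Django's User model exposes."""
    base = dict(is_active=True, is_staff=False, is_superuser=False)
    base.update(flags)
    return SimpleNamespace(pk=pk, **base)


if __name__ == "__main__":
    site1, site2 = site_staff_test(1), site_staff_test(2)
    alice = make_user(10, is_staff=True)     # staff on site 1 only
    root = make_user(1, is_superuser=True)   # admin for every site
    print(site1(alice), site2(alice), site2(root))
```

In a Django project the returned callable would be applied as `@user_passes_test(site_staff_test(settings.SITE_ID))` on each view that needs the restriction.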

Related

How to organize groups in Django?

I am currently learning how to use Django. I want to make a web app where you as a user can join groups. These groups have content that just members of this group should be able to see. I learned about users, groups and a bit of authentication.
My first impression is, that this is more about the administration of the website itself and I cannot really believe that I can solve my idea with it.
I just want to know if that's the way to go in Django. I probably have to create groups in Django that have the right to see the content of the group on the website. But that means that every time a group is created, I have to create a django group. Is that an overkill or the right way?
Groups in django (django.contrib.auth) are used to specify certain rights of viewing content mainly in the admin to certain users. I think your group functionality might be more custom than this and that you're better off creating your own group models, and making your own user and group management structure that suits the way your website is used better.

Hierarchy permissions in Django

Please suggest me the best way. I am developing a Django application, you will have 3 types of User: Administrator, Reseller and User. They must have hierarchy. The administrator can see everything. The dealer can see everything that its users did. The User only sees what he did.
How can I make these permissions with hierarchy?
You can handle it in 2 different ways:
First solution (seems to be better in your case): using Django permissions
Here you're gonna create groups, permissions and users. A good practice is to link permissions to groups, and then to link your users to groups. This way, it's easy to change something in the future.
Second solution: create 3 different profiles that inherit from the User base class. It will be more complicated to handle though.
I'm working on something similar. Per-line authorizations are a bit of a pain in Django. There are two projects out there that can achieve all you are asking for: django-permission and django-guardian. I needed more finely grained permissions and had to roll my own.

Django - social like permissions for objects

I'm learning Django framework and I'm trying to implement some social features / permissions for objects. What is the best solutions for such thing eg.:
We have some model (eg.: photo):
name_field
picture_field
owner_field
allowed_group_users_field
allowed_group_users_field <----- field where we will put the group / users who are able to see the photo.
Now the view which will handle showing pictures should use the "@user_passes_test" decorator, which will check if the requesting user is included in allowed_group_users_field.
And my question is:
Is it correct way to solve such thing or there are better solutions for that - maybe other decorator is more suitable or other way of implementation..?
Hello and welcome onboard!
I have a relatively new account also in stackoverflow but I have quite some experience with django.
The way I see it, you want to create groups like foreign keys one to many, to users who are allowed to see this.
Your solution with a decorator is pretty common and there is nice documentation here, https://docs.djangoproject.com/en/1.4/topics/auth/#limiting-access-to-logged-in-users-that-pass-a-test and an example for the kind of group you need, here https://djangosnippets.org/snippets/1703/.
So, all you have to do is to extend the current decorator with your own logic (if user belongs to specific group) and it will work.
I hope I answer your question!

django admin: company branches must manage only their records across many models

One company with many branches across the world using the same app. Each branch's supervisor, signing into the same /admin, should see and be able to manage only their records across many models (blog, galleries, subscribed users, clients list, etc.).
How to solve it best within django? I need a flexible and reliable solution, not hacks. Never came across this task, so really have no idea how to do it for the moment.
Tx
There is a nice tutorial here on Django Admin. It includes customizing the Admin to add row-level permissions (which, as I understand it, is what you want).

How to implement a client admin in Django?

I'm building a simple app, a sort of project/tasks manager where I can have several projects and several tasks that are assigned to one project.
I enabled Django admin for all this sort of tasks and it's working like a charm. Also, I have some users that have projects assigned to them. So what I want now is to enable a cut down version of the admin for those users, where:
They can only manage/see tasks within their own project.
They can only delete their own tasks.
Some other minor restrictions.
What would be the best approach to this? Should I create another app with custom views and pages for client editing tasks or should I drop another admin instance and fine-tune it just for them?
I hope it was clear and not too subjective. Thanks.
+1 for custom app, hacking admin can take more time than just putting together your own admin from generic views.
I think that the best way to do this, either way, would be to somehow implement row-level permissions.
At the moment, the best solution for this is probably using the django-granular-permissions.
Like Dmitry I'm also for the custom app. Using generic views, modelforms et cetera will probably result in less work than modifying the admin app (which is not really made for hacking).
Also, if you keep an eye to the future, should the need for some more complex feature/restriction arise, you'll have fewer problems.
