Questions tagged [django-permissions]

1

votes
1

answer
206

Views

Why I can't assign new permission to group in the same migration in Django

I'm trying to add new migrations by following this tutorial I added new permission inside Meta into permissions field. Then I created migration and tryed to modify this migration to update group permissions in place. But got DoesNotExist in RunPython operation. from django.db import migrations def a...
Daniil Mashkin
0

votes
0

answer
4

Views

Django Permission

Hi i am having trouble with Django User object. I have created a group named 'Admin' and this group have the following permission 'can_change_name','can_update_name'. A user 'falcon' belong to group 'Admin' i did this by performing the following query user.groups.add(Group.objects.get(name='Admin...
skid
1

votes
1

answer
791

Views

Django - How to use specific custom permissions in views and templates?

For my 'tutorial app', I created some specific permissions after creating an object. Only the object's author have to be able to update or delete it. I'm a beginner and I'm here to learn, if my methods are ugly be tolerant. Here my views.py class CreateArticle(LoginRequiredMixin, generic.CreateView)...
Léo Mouyna
1

votes
1

answer
198

Views

Adding permissions when user is saved in Django Rest Framework

I'm creating an instance of a User object. The creation itself is a standard User.objects.create_user call and that works ok - user is created. After that, I'm trying to add a few permissions to him or her: for name in ('view_restaurant', 'change_restaurant', 'delete_restaurant', 'view_meal', 'add_m...
Marek M.
1

votes
1

answer
352

Views

Django Rest Framework permission on a Foreign key item

I have two models that have a relationship like so: class ManuscriptItem(models.Model): '''Represents a single manuscript's content''' author = models.ForeignKey('accounts_api.UserProfile', on_delete=models.CASCADE) title = models.CharField(max_length=255) content = models.CharField(max_length=9999...
NewScientists
1

votes
2

answer
788

Views

How to limit access to grappelli filebrowser using django auth permissions?

I need to restrict user access to filebrowser using permissions. For example, only users with permission 'can_upload_files' should be able to see Filebrowser in my custom dashboard. Is this possible? Thanks!
Filip Kołakowski
1

votes
3

answer
1.5k

Views

Django - limiting url access to superusers

In my urlconf, i have: url(r'^sssssh/(.*)', staff_only_app.site.root), What I'd like to do is limiting any access to this application to superusers. I tried this: url(r'^sssssh/(.*)', user_passes_test(staff_only_app.site.root, lambda u: u.is_superuser)), But it complains that decorate takes exactly...
Agos
1

votes
3

answer
2.1k

Views

How to set multiple permissions in one class view, depending on http request

I am working with django-rest-framework. The problem I am having is that the url is identical for both the POST and the GET methods but I want to have different permissions depending on which method is being called. Right now I'm using class based views and I can't figure out how to set different p...
andrew13331
1

votes
1

answer
382

Views

django permission to other owners

Imagine these models: User has many Buckets and each Bucket has many Items. User A only sees his own list of buckets and items in it. Now, I want to give user B permission to see user's A buckets but not items. Is this possible with Django built-in permission system or I need something like django-...
norbertpy
2

votes
4

answer
1.8k

Views

app_label permission problem Django

i've changed the app label doing this class Model(models.Model): pass class Meta: app_label = 'App Name' db_table = 'app_table' The table and application already existed, the problem is that when i go to the admin interface, only the superusers can view the app, and other users not, i tried to add p...
eos87
5

votes
2

answer
2k

Views

How to add a permission to a user/group during a django migration?

I would like to execute the following migration: # -*- coding: utf-8 -*- from __future__ import unicode_literals from django.contrib.auth.models import Permission from django.db import migrations from django.conf import settings from django.contrib.auth.models import Group, User def add_api_group(ap...
Andras Gyomrey
19

votes
1

answer
24.9k

Views

Add a custom permission to a User

I'd like to be able to give some existing Users a custom permission which I will require for accessing a view. I think I need to add the new permission to the Postgres table auth_permission, but I suspect there is a higher-level way to do this. Also there is a column in auth_permission for content_...
Mitch
19

votes
4

answer
23.5k

Views

Django - user permissions to certain views?

From the admin I see that you can allocate permissions to a user or a user group to :allow add, change or delete data from a model. That is great, but I also need to allow a user or a user group to access or not a group of views. I have certain type of services on my web site so I want to allow som...
avatar
5

votes
1

answer
4.2k

Views

Django admin - giving users access to specific objects/fields?

I need to make an 'owners' login for the admin. Say we have this model structure: class Product(models.Model): owner = models.ManyToManyField(User) name = models.CharField(max_length=255) description = models.CharField(max_length=255) photos = models.ManyToManyField(Photo, through='ProductPhoto') cl...
antihero
20

votes
5

answer
13.9k

Views

Django rest-framework per action permission

I'm a newbie in developing with Django + Django Rest-framework and I'm working on a project that provides REST Api access. I was wondering what is the best practice to assign a different permission to each action of a given ApiView or Viewset. Let's suppose I defined some permissions classes such as...
lWhitmore
2

votes
1

answer
105

Views

Render or redirect when user role is specified

I'm building app using django (for note that i'm very very new to django). I want to add redirection from this existing view. Object inside the view: from core.views import generic class ListViewPublic(generic.ListView): pass class BookListView(ListViewPublic): model = Book def get_queryset(self): f...
Ardian
5

votes
2

answer
2.5k

Views

Django Groups and Permissions. Extending Groups to have a FK?

I'm working on a product that allows different schools to administer their content online. Part of this involves setting up a role based access control logic which I've written myself. Essentially, each school has its own set of roles that have their own set of permissions. A user of the software c...
super9
2

votes
3

answer
955

Views

How can I get all users an object has specific permissions to in django guardian?

There is from guardian.shortcuts import get_objects_for_user But what about from guardian.shortcuts import get_users_for_object Thanks.
Natim
1

votes
1

answer
409

Views

What is best practice for restricting user permissions when editing model instances

I am building a simple app using User Authentication. My app has 3 models: Users : The standard Django user model Locations: A model for an office (address, site name, etc) Employees: A model for an employee (name, email, etc) I also have a series of views that allow a user to login, create, and ed...
alias51
2

votes
1

answer
117

Views

Where does the creation of permissions live in Django?

I need to do some debugging, because the permissions for one of my models are created wrongly. So I tried to find the piece of code where Django creates the permissions upon syncdb and writes them in the database, but I haven't been successful at all; maybe I just overlooked the right lines of code,...
3

votes
2

answer
1.3k

Views

How to limit access to the UpdateView of an object to the creator of that object

Django and programming noob here. I've made an application I'd like to deploy, but I need to figure out how to limit access to the UpdateView to the creator of that object, and I'm stumped. Currently a user can use the CreateView .../universities/create/ to create a university object, but then any u...
Mitch Downey
3

votes
1

answer
1.2k

Views

Django-guardian - where to assign default permission on object creation

I am starting an app that has a complex permission structure that will inevitably be managed by the users themselves. I have the following permissions in the model: class Meta: permissions = ( ('can_view', 'View project'), ('manage_view', 'Can assign View project'), ('can_edit', 'Edit project'), ('m...
jondykeman
12

votes
1

answer
3.3k

Views

Django migration fails with “__fake__.DoesNotExist: Permission matching query does not exist.”

In a Django 1.8 project, I have a migration that worked fine, when it had the following code: # -*- coding: utf-8 -*- from __future__ import unicode_literals from django.db import migrations from django.conf import settings def update_site_forward(apps, schema_editor): '''Add group osmaxx.''' Group...
das-g
4

votes
1

answer
4.4k

Views

How to check current user's permissions from a Group in Django?

I have a group EuropartsBuyer and model named Product. The following code adds a permission to the Product model. class Meta: permissions = ( ('can_add_cost_price', 'Can add cost price'), ) In one of my views I have the following code to add this permission to that group. europarts_buyer, created =...
MiniGunnR
2

votes
2

answer
1.7k

Views

Django sites framework permissions

I am using the sites framework to run multiple apps off of one code base. I have 3 users, and 3 sites. They can login to the django admin interface and create content but I want them to see only the site they are allowed to manage, not the others, can the sites framework handle this? if not can anyo...
JeffTaggarty
12

votes
3

answer
6.4k

Views

Django: Adding Permission to an Specific Model Instance

I am looking for the best way to implement user permissions to allow users to edit specific model instances. For instance, I have such two models: model RadioChannel(models.Model): name = models.CharField(max_length=150, unique= True) number = models.IntegerField( unique= True) model ProgramSchedule...
Hellnar
3

votes
2

answer
1.5k

Views

django access control based on a model field value

I have a model class Department with a field name. I have another Model Student with a foreign key to Department. I want to control access to Student objects based on department. That is, a user with permission to edit the department with name 'CS' can only edit that fields. How this can be achieved...
Rohith
3

votes
3

answer
1.6k

Views

Creating custom permission in data migration

I was trying to create a custom permission in a migration, however after running migrate, the permission was not created in the permission table. Could someone point out what the error was? Also I am not sure what I should use as the related model for ContentType as the permission is used for restr...
Aithusa
2

votes
1

answer
479

Views

What is the best app for row level permissions in Django?

What is the best app for row level permissions in Django? There are many of them at http://djangopackages.com/grids/g/perms/, but how to choose more promising one?
Alexander Artemenko
4

votes
1

answer
2.4k

Views

can't change user permissions during unittest in django

I've finally decided to make some tests for my apps but I'm stuck on testing if a user can change another user (depends on the type of the user -- I use django-rules to be able to do logical permission checks, but this is not important) Here's the code I have so far class RulesAndPermissionsTests(Te...
Clash
31

votes
6

answer
17.8k

Views

How can I MODIFY django to create “view” permission?

I've recently started using django to administer a large existing application that was grown organically over the years using twisted.web. I started experimenting with django and it's automatic admin interface and I've been very pleased with the results. One thing that seems to be missing for my pu...
31

votes
1

answer
35.5k

Views

User groups and permissions

I need to implement user rights for user groups (pretty similar to facebook groups). For example, each group can have members with rights like: can_post, can_delete, can_ban, etc. Of course, one user can be a member of many groups and group can have many different users with different rights. What m...
duke_nukem
2

votes
1

answer
199

Views

Does Django's permission system give advantages with custom Access Levels for a community webapp?

Django permissions are great if you need to let someone access the admin and restrict what they can do. But what if I want to use a similar functionality in the frontend of an application? Example: model Group has its own Members, a member can have three different access levels: member admin super-a...
nemesisdesign
6

votes
1

answer
1.9k

Views

object-level permissions django

How do you ensure that a User can only edit objects they've created? What's the best way to set this up? I'm using django-rest-framework and wondering if there's a way I can restrict users from viewing/ editing objects they don't 'own'. class Video(models.Model): owner = models.ForeignKey(User) ......
9-bits
3

votes
3

answer
1.5k

Views

How to dynamically name permissions in a Django abstract model class?

I want to define some custom permissions on an abstract model class that would then be inherited by all child classes, and rather than give the permissions a generic object name that could apply to any subclassed model type, I would like to essentially use the verbose_name_plural property of the chi...
gravelpot
32

votes
2

answer
9.3k

Views

django-object-permissions Vs django-guardian Vs django-authority

I've found 3 row-level permission solutions for Django 1.2+ django-object-permissions django-guardian django-authority Could someone tell if there is any recommended more than the others, what are their main differences, etc.?
Akasha
1

votes
2

answer
1.2k

Views

Django PermissionRequiredMixin redirect to login template with message

I got this view and I'm using PermissionRequiredMixin on it...it works fine but when I redirect to login template (set in settings LOGIN_URL) I need it shows a message there like 'You don't have permission to do this'. Any idea how to do it without creating a custom decorator, just using PermissionR...
jsanchezs
7

votes
4

answer
7.1k

Views

Django: Applying permissions in the URL dispatcher?

In my Django application, I have certain permissions which users need in order to access certain views (using django.contrib.auth). This works fine, using the @permission_required decorator on my view functions. However, some of my URLs resolve to views which I did not write, such as the built-in d...
kdt
7

votes
2

answer
4k

Views

Django admin - change permissions list

Is there any possibility to change permissions list in user edit page? I don't wan't to show all of permissions for example admin log entry or auth group etc. How can I modify a main queryset to exclude some of it?
robos85
2

votes
1

answer
1.4k

Views

Migrate user groups and permissions in Django?

I've built an application that I want to move from my development server to my production server. In this application I have defined 3 custom groups in auth.group and each of those have specific permissions. I've tried to dump the data from auth.group - it seems to include permissions ids as well....
NewGuy

View additional questions