Questions tagged [django-permissions]

1

votes
0

answer
196

Views

Django REST Framework: allow any user can edit any data (remove object_permission)

I am using Django REST Framework's viewsets.ModelViewSet to list, create, update and delete table rows. For the following Tasks model it works fine. But it only allows to list, create, update and delete of own entries (i.e. resource owner) or the user should be superuser. I want to make this API th...
Arun SS
1

votes
1

answer
32

Views

Is OAuth2 TokenScope similar to Django Permissions?

I'm building a dedicated OAuth2 as a service for my application, where users will be both authenticating and authorizing themselves. I've the following concerns 1) Is OAuth2 TokenScope similar to Django Permissions? 2) If I want to make role-level hierarchy application, how do I go about building o...
PythonEnthusiast
1

votes
1

answer
146

Views

Django REST Framework - How to quickly checks user permissions?

I usually use the permission_required the decorator to quickly deny users from accessing the view. from django.contrib.auth.decorators import permission_required @permission_required('my_app.view_mymodel',login_url='/sign_in/') def my_view(request): ... Now, I'm using DRF and I'm trying to find a pr...
Fabio
1

votes
0

answer
341

Views

Django rest framework redirect if permission denied

I am new in Django-rest-framework. I am learning about authentication and permissions. I am getting stuck at one point. I have created custom permission for selected users. So if some user doesn't have the correct permission for some view class, it returns HTTP status-403. In the browser it has mess...
Amit
1

votes
0

answer
89

Views

Permission linking between LDAP users groups and Django permissions (custom if possible)

Hello again every one, I have a question: I successfully implemented django-auth-ldap, the LDAP users can request successfully my DRF API. But nows, for my projetc needs, I have to define permissions depending of the group. Indeed, I will have like 12 groups in my app. Depending of the group, I will...
Benjamin Soulas
1

votes
1

answer
29

Views

Where in the project code are groups instances created and permissions assigned?

I was going through the documentation of django 2.1, I see that group permissions can be created inside a user model, or directly and then they can be assigned to a group instance using the permissions attribute. What I don't get is where in my project should I add the code which creates a Group ins...
Shashwat
1

votes
1

answer
36

Views

Implementing multi layer role on Django

Working with django Group and Permission. Normally works fine. Now want to add sub admin who can give permission only particular model. How to implement?
nikolas
1

votes
1

answer
57

Views

Formatting a permissions QuerySet so that it just displays the name column

I am trying to list the permissions specific to a model through a query. The goal is to just display the 'name' part of the QuerySet. I'm only able to get the output below through the tag: {{ permissions }} models.py class Account(models.Model): user = models.OneToOneField(User, on_delete=models.CAS...
DanielK
1

votes
1

answer
285

Views

A m2m Django permission model

Users on a webapp I'm building have multiple objects that are 'theirs' Let's pretend the object is called Toy. I want them to be able to set privacy options for their Toys so they can set the following visibility options: Friends of friends Friends Only allow a defined set of people Friends only, b...
Oli
1

votes
1

answer
1.4k

Views

Django Content type table - Auth Permission

I want to add a permission under auth_permission table. When I insert another permission manually, I need to insert a content_type_id also. This is referenced to content_type table. I dont know what it does. I want to remove set of HTML lines if user doesn;t have that permission. What's the importan...
PythonEnthusiast
1

votes
1

answer
398

Views

Django user not getting the assigned group's permissions

I am using django admin back end for creating user groups. I created a group called admin and assigned several permissions to it. But when I assign this group admin to a user the permissions of that group are not automatically assigned to the user. The django docs say that: A user in a group automat...
zaphod100.10
1

votes
1

answer
1k

Views

Django: How to manage groups and permission without using default admin

I am working on Django project as per requirements I need to manage users, groups and permissions in custom template. So I am not using default admin dashboard. I have completed user creation module, now I want to assign permissions and groups to a user. I have not override or customize any auth Mo...
Shoaib Ijaz
1

votes
2

answer
467

Views

Django - ManyToMany field to User return None

that's my model class Permissions(models.Model): group = models.ForeignKey(Group) Book = models.ForeignKey(Book) users = models.ManyToManyField(User) I implemented a custom save method to set permissions and save Users to a group: def save(self,*args,**kwargs): super(Permissions,self).save(*args,**k...
cassio gameiro
1

votes
1

answer
707

Views

How to enable a user to view the django admin home page if nothing but a custom view permission in given to the user?

By adding the following code in one of my models, I was able to add a view permission to the model. class Meta: default_permissions = ('add', 'change', 'delete', 'view') I have created a user in django-admin and given only view permission. I want that the user should be able to only view the values...
Naman Sharma
1

votes
1

answer
236

Views

Checking the existence of a permission object in Django unit test

Suppose that I want to write a test to make sure that a permission does not exist. I want the following test to pass (instead it gives an error): from django.test import TestCase from django.contrib.auth.models import Permission class TestPermission(TestCase): def test_existence_of_permission(self):...
HBat
1

votes
1

answer
21

Views

Django permissions analysis

Is anyone aware of a programmatic way of analysing a codebase to see which permissions each view is protected by? I'd like to be able to run a regular report on a site to inform us which views are available and who can see them etc. rather than having to maintain a list by hand. I'm aware of the sho...
bodger
1

votes
1

answer
146

Views

Loading django user groups from json

I am trying to make multiple user groups. Each groups has a set of seperate permissions. Is there a way to initialize a django project with user-group permissions from json. I am looking for methods like python manage.py loaddata user_groups.json.
Sudheer K
1

votes
1

answer
236

Views

Django : how to give user/group permission to view model instances for a specified period of time

I am fairly new to Django and could not figure out by reading the docs or by looking at existing questions. I looked into Django permissions and authentication but could not find a solution. Let's say I have a Detail View listing all instances of a Model called Item. For each Item, I want to control...
hlcarriere
1

votes
1

answer
35

Views

Group permission connected to model list

My model: class UserProfile(models.Model): user = models.OneToOneField(User, on_delete=models.CASCADE) POSITIONS = ( ('volunteer', 'volunteer'), ('employee', 'employee'), ('manager', 'manager'), ('director', 'director'), ('vet', 'vet') ) position = models.CharField(choices=POSITIONS, max_length=15)...
J.Cleese
1

votes
1

answer
0

Views

Django DRF role level permission

I have developed API's using DRF. I am struggling to relate the authorization part from Django's default permission which we define in the admin section for each and every role to the API. Let's say I have two API's Customer Management and Customer Sales and have two roles created from them at the...
Shahabaz
1

votes
1

answer
1.1k

Views

Django add custom permission in model

I have order model, and i want add custom permission using class META class Order(models.Model): STATUS_CHOICES = ( ('0', 'Готов'), ('1', 'Ждет оплаты'), ('2', 'Подтвержден'), ('3', 'В работе'), ('4', 'Выполнено'), ) created = models.DateTimeField(auto_now_a...
lmasikl
1

votes
3

answer
305

Views

best way to implement privacy on each field in model django

I am trying to provide privacy settings at the model's field level for users. So a user can decide which data he wants to display and which data he wants to hide. Example: class Foo(models.Model): user = models.OneToOneField('auth.User') telephone_number = models.CharField(blank=True, null=True, ma...
Gaurav
1

votes
1

answer
601

Views

Django 2.1 View Permission

The Django Doc states that the new View Permission is added to Django 2.1 but without further clarifications on how this will be used especially on the Django Admin Site. It is my understanding this will be kind of ReadOnly Permission, but I will appreciate more clarifications from any one with bet...
Paullo
1

votes
1

answer
247

Views

Why I can't assign new permission to group in the same migration in Django

I'm trying to add new migrations by following this tutorial I added new permission inside Meta into permissions field. Then I created migration and tryed to modify this migration to update group permissions in place. But got DoesNotExist in RunPython operation. from django.db import migrations def a...
Daniil Mashkin
0

votes
0

answer
4

Views

Django Permission

Hi i am having trouble with Django User object. I have created a group named 'Admin' and this group have the following permission 'can_change_name','can_update_name'. A user 'falcon' belong to group 'Admin' i did this by performing the following query user.groups.add(Group.objects.get(name='Admin...
skid
1

votes
1

answer
841

Views

Django - How to use specific custom permissions in views and templates?

For my 'tutorial app', I created some specific permissions after creating an object. Only the object's author have to be able to update or delete it. I'm a beginner and I'm here to learn, if my methods are ugly be tolerant. Here my views.py class CreateArticle(LoginRequiredMixin, generic.CreateView)...
Léo Mouyna
1

votes
1

answer
204

Views

Adding permissions when user is saved in Django Rest Framework

I'm creating an instance of a User object. The creation itself is a standard User.objects.create_user call and that works ok - user is created. After that, I'm trying to add a few permissions to him or her: for name in ('view_restaurant', 'change_restaurant', 'delete_restaurant', 'view_meal', 'add_m...
Marek M.
1

votes
1

answer
358

Views

Django Rest Framework permission on a Foreign key item

I have two models that have a relationship like so: class ManuscriptItem(models.Model): '''Represents a single manuscript's content''' author = models.ForeignKey('accounts_api.UserProfile', on_delete=models.CASCADE) title = models.CharField(max_length=255) content = models.CharField(max_length=9999...
NewScientists
1

votes
2

answer
789

Views

How to limit access to grappelli filebrowser using django auth permissions?

I need to restrict user access to filebrowser using permissions. For example, only users with permission 'can_upload_files' should be able to see Filebrowser in my custom dashboard. Is this possible? Thanks!
Filip Kołakowski
1

votes
3

answer
1.6k

Views

Django - limiting url access to superusers

In my urlconf, i have: url(r'^sssssh/(.*)', staff_only_app.site.root), What I'd like to do is limiting any access to this application to superusers. I tried this: url(r'^sssssh/(.*)', user_passes_test(staff_only_app.site.root, lambda u: u.is_superuser)), But it complains that decorate takes exactly...
Agos
1

votes
3

answer
2.1k

Views

How to set multiple permissions in one class view, depending on http request

I am working with django-rest-framework. The problem I am having is that the url is identical for both the POST and the GET methods but I want to have different permissions depending on which method is being called. Right now I'm using class based views and I can't figure out how to set different p...
andrew13331
1

votes
1

answer
382

Views

django permission to other owners

Imagine these models: User has many Buckets and each Bucket has many Items. User A only sees his own list of buckets and items in it. Now, I want to give user B permission to see user's A buckets but not items. Is this possible with Django built-in permission system or I need something like django-...
norbertpy
2

votes
4

answer
1.8k

Views

app_label permission problem Django

i've changed the app label doing this class Model(models.Model): pass class Meta: app_label = 'App Name' db_table = 'app_table' The table and application already existed, the problem is that when i go to the admin interface, only the superusers can view the app, and other users not, i tried to add p...
eos87
5

votes
2

answer
2k

Views

How to add a permission to a user/group during a django migration?

I would like to execute the following migration: # -*- coding: utf-8 -*- from __future__ import unicode_literals from django.contrib.auth.models import Permission from django.db import migrations from django.conf import settings from django.contrib.auth.models import Group, User def add_api_group(ap...
Andras Gyomrey
19

votes
1

answer
24.9k

Views

Add a custom permission to a User

I'd like to be able to give some existing Users a custom permission which I will require for accessing a view. I think I need to add the new permission to the Postgres table auth_permission, but I suspect there is a higher-level way to do this. Also there is a column in auth_permission for content_...
Mitch
19

votes
4

answer
23.5k

Views

Django - user permissions to certain views?

From the admin I see that you can allocate permissions to a user or a user group to :allow add, change or delete data from a model. That is great, but I also need to allow a user or a user group to access or not a group of views. I have certain type of services on my web site so I want to allow som...
avatar
5

votes
1

answer
4.2k

Views

Django admin - giving users access to specific objects/fields?

I need to make an 'owners' login for the admin. Say we have this model structure: class Product(models.Model): owner = models.ManyToManyField(User) name = models.CharField(max_length=255) description = models.CharField(max_length=255) photos = models.ManyToManyField(Photo, through='ProductPhoto') cl...
antihero
20

votes
5

answer
13.9k

Views

Django rest-framework per action permission

I'm a newbie in developing with Django + Django Rest-framework and I'm working on a project that provides REST Api access. I was wondering what is the best practice to assign a different permission to each action of a given ApiView or Viewset. Let's suppose I defined some permissions classes such as...
lWhitmore
2

votes
1

answer
105

Views

Render or redirect when user role is specified

I'm building app using django (for note that i'm very very new to django). I want to add redirection from this existing view. Object inside the view: from core.views import generic class ListViewPublic(generic.ListView): pass class BookListView(ListViewPublic): model = Book def get_queryset(self): f...
Ardian
5

votes
2

answer
2.5k

Views

Django Groups and Permissions. Extending Groups to have a FK?

I'm working on a product that allows different schools to administer their content online. Part of this involves setting up a role based access control logic which I've written myself. Essentially, each school has its own set of roles that have their own set of permissions. A user of the software c...
super9

View additional questions