django-permissions

问题 I have following functions in rest API for User model. I want to set AllowAny permission on only POST request. Can someone help me out. class UserList(APIView): """Get and post users data.""" def get(self, request, format=None): """Get users.""" users = User.objects.all() serialized_users = UserSerializer(users, many=True) return Response(serialized_users.data) def post(self, request, format=None): """Post users.""" serializer = UserSerializer(data=request.data) if serializer.is_valid():

问题 There are a number of questions about this, but they all seem slightly different to what I need. I have a custom user model in my core app in models.py in django: from django.db import models from django.contrib.auth.models import * from django.contrib.auth.models import ( AbstractBaseUser, BaseUserManager, PermissionsMixin, ) class UserManager(BaseUserManager): def create_user(self, email, password=None, **extra_fields): """Creates and saves a new user""" pl = Permission.objects.filter

问题 I need to make an "owners" login for the admin. Say we have this model structure: class Product(models.Model): owner = models.ManyToManyField(User) name = models.CharField(max_length=255) description = models.CharField(max_length=255) photos = models.ManyToManyField(Photo, through='ProductPhoto') class Photo(models.Model): order = models.IntegerField() image = models.ImageField(upload_to='photos') alt = models.CharField(max_length=255) class ProductPhoto(models.Model): photo = models

问题 I need to make an "owners" login for the admin. Say we have this model structure: class Product(models.Model): owner = models.ManyToManyField(User) name = models.CharField(max_length=255) description = models.CharField(max_length=255) photos = models.ManyToManyField(Photo, through='ProductPhoto') class Photo(models.Model): order = models.IntegerField() image = models.ImageField(upload_to='photos') alt = models.CharField(max_length=255) class ProductPhoto(models.Model): photo = models

问题 I am trying to provide privacy settings at the model's field level for users. So a user can decide which data he wants to display and which data he wants to hide. Example: class Foo(models.Model): user = models.OneToOneField("auth.User") telephone_number = models.CharField(blank=True, null=True, max_length=10) image = models.ImageField(upload_to=get_photo_storage_path, null=True, blank=True) I want to provide an option to the user to select the fields which he wants to display and which he

问题 I am using custom permissions in my Django models like this: class T21Turma(models.Model): class Meta: permissions = (("can_view_boletim", "Can view boletim"), ("can_view_mensalidades", "Can view mensalidades"),) The problem is that when I add a permission to the list it doesn't get added to the auth_permission table when I run syncdb. What am I doing wrong. If it makes any difference I am using south for database migrations. 回答1: South does not track django.contrib.auth permissions. See

问题 Closed . This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 4 months ago . I'm creating a website where there is two types of users, Students and Teachers. I had created one register and login page for authentication. Now by default all the users who sign up will be the students and can access the videos and also accessing teachers area (I did the

问题 Closed . This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 4 months ago . I'm creating a website where there is two types of users, Students and Teachers. I had created one register and login page for authentication. Now by default all the users who sign up will be the students and can access the videos and also accessing teachers area (I did the

问题 I've got a model defined in my Django app foo which looks like this: class Bar(models.Model): class Meta: permissions = ( ("view_bar", "Can view bars"), ) I've run manage.py syncdb on this, and sure enough, it shows up in the auth_permissions table: id|name|content_type_id|codename 41|Can view bars|12|view_bar However, when I try adding that permission to a user object in a view, like so: request.user.user_permissions.add('foo.view_bar') The code blows up with the following exception: invalid

问题 I'm a newbie in developing with Django + Django Rest-framework and I'm working on a project that provides REST Api access. I was wondering what is the best practice to assign a different permission to each action of a given ApiView or Viewset. Let's suppose I defined some permissions classes such as 'IsAdmin', 'IsRole1', 'IsRole2', ..., and I want to grant different permissions to the single actions (e.g. a user with Role1 can create or retrieve, a user with Role2 can update, and only an