django-permissions

django-guardian example source code

会有一股神秘感。 提交于 2019-12-13 13:18:30
问题 Can anyone suggest a good open source app that uses django-guardian? I'm not having trouble understanding the API, but I'd love to see an example to get a feel for implementation best practice (database design, etc.) 回答1: If you clone the django-guardian source code you have a working example of how to use it. And in this link are the instructions for integrating it with django admin 回答2: Django userena uses Django-guardian: https://github.com/bread-and-pepper/django-userena 来源: https:/

Django user permission inside template

a 夏天 提交于 2019-12-12 05:16:21
问题 I created a custom auth permission in django via admin site, and i added that permission to a user (not a group), now i want to ask if the request user in a template has it but nothing works.It's not a duplicate, i already checked similar questions and none of this work: {% if perms.auth.add_something %} {% if 'auth.add_something' in request.user.get_all_permissions %} {% if request.user.has_perm('add_something') %} I add my view: class NotificationSelectView(View): template = 'myapp

Django - limiting url access to superusers

拥有回忆 提交于 2019-12-11 06:26:36
问题 In my urlconf, i have: url(r'^sssssh/(.*)', staff_only_app.site.root), What I'd like to do is limiting any access to this application to superusers. I tried this: url(r'^sssssh/(.*)', user_passes_test(staff_only_app.site.root, lambda u: u.is_superuser)), But it complains that decorate takes exactly 1 argument, and I gave two. I'm thinking about currying the decorator via functools.partial, but thought I may be missing some more obvious solution. 回答1: Very late reply!... I think it's just a

ModelAdmin thread-safety/caching issues

为君一笑 提交于 2019-12-10 18:17:57
问题 Ultimately, my goal is to extend Django's ModelAdmin to provide field-level permissions—that is, given properties of the request object and values of the fields of the object being edited, I would like to control whether or not the fields/inlines are visible to the user. I ultimately accomplished this by adding a can_view_field() method to the ModelAdmin and modifying the built-in get_form() and get_fieldset() methods to remove/exclude fields+inlines that the user does not have permissions

Django migration fails with “__fake__.DoesNotExist: Permission matching query does not exist.”

天涯浪子 提交于 2019-12-10 01:00:48
问题 In a Django 1.8 project, I have a migration that worked fine, when it had the following code: # -*- coding: utf-8 -*- from __future__ import unicode_literals from django.db import migrations from django.conf import settings def update_site_forward(apps, schema_editor): """Add group osmaxx.""" Group = apps.get_model("auth", "Group") Group.objects.create(name=settings.OSMAXX_FRONTEND_USER_GROUP) def update_site_backward(apps, schema_editor): """Revert add group osmaxx.""" Group = apps.get_model

Add object level permission to generic view

為{幸葍}努か 提交于 2019-12-09 05:36:56
问题 The situation is pretty simple: I'm writing a multi-user blog system. The system should prevent non-owner to edit or delete a blog post. In my view I use generic view. class BlogUpdateView(UpdateView): ... I know I should use @method_decorator to decorate dispatch method. However, most example is just @method_decorator(login_required) or model level permission. How can apply object level permission to check whether request.user is the author of this blog post? For example, I tried to use

Register User in Django Rest Framework and Set Group For User

我的梦境 提交于 2019-12-07 05:17:37
问题 My user class is: class UserProfile(User): sex = models.SmallIntegerField(verbose_name=_(u'sex'), choices=SEX_TYPES, default=1) . . UserProfileSerializer: class ProfileSerializer(serializers.ModelSerializer): groups = GroupSerializer() class Meta: model = UserProfile fields = ('id', 'first_name', 'last_name', 'username','email','groups') Api view that allow users to register is: @api_view(['POST']) def create_user(request): serialized = ProfileSerializer(data=request.DATA) if serialized.is

can't change user permissions during unittest in django

旧巷老猫 提交于 2019-12-06 05:54:30
问题 I've finally decided to make some tests for my apps but I'm stuck on testing if a user can change another user (depends on the type of the user -- I use django-rules to be able to do logical permission checks, but this is not important) Here's the code I have so far class RulesAndPermissionsTests(TestCase): fixtures = ['auth_no_permissions.json', 'profiles.json', 'rules.json'] def setUp(self): self.c = Client() self.user = User.objects.get(username="estagiario") self.non_staff = User.objects

Django Groups and Permissions. Extending Groups to have a FK?

落花浮王杯 提交于 2019-12-06 00:51:29
问题 I'm working on a product that allows different schools to administer their content online. Part of this involves setting up a role based access control logic which I've written myself. Essentially, each school has its own set of roles that have their own set of permissions. A user of the software could belong to mulitple schools with differing roles at any given time. For various reasons, I want to ditch this and instead use Django's Groups and Permissions together with a library like django

Register User in Django Rest Framework and Set Group For User

南楼画角 提交于 2019-12-05 08:50:01
My user class is: class UserProfile(User): sex = models.SmallIntegerField(verbose_name=_(u'sex'), choices=SEX_TYPES, default=1) . . UserProfileSerializer: class ProfileSerializer(serializers.ModelSerializer): groups = GroupSerializer() class Meta: model = UserProfile fields = ('id', 'first_name', 'last_name', 'username','email','groups') Api view that allow users to register is: @api_view(['POST']) def create_user(request): serialized = ProfileSerializer(data=request.DATA) if serialized.is_valid(): created_user = UserProfile.objects.create_user( serialized.init_data['email'], serialized.init