I´m using django for my backend and this backend is managing multiple applications.
For example i have app_a and app_b.
for app_a i created a lot of custom permissions and groups.
Now i want to give another user the permission to access the admin panel, but i wan`t that he can only add permissions and groups to users that belongs to app_a.
I tried to use add_group or add_permission, but this is assigned to all apps.
Thank you for support!
Related
I have one django project that serves as an API and contains a database and multiple apps with models, database migrations and so on.
I want to have a custom admin interface as well as django-admin which are only accessible via the intranet. Is this possible within the same django project while the other apps are accessible from outside the intranet? And if not, is it possible to have two django projects. One which serves as the API containing the database, models and migrations. And another one that contains just the django-admin and my custom admin interface app that can access the databse and models from the other project?
Your question consists of two parts.
How to share a database between Django Projects? You just need to pass the same database credentials (HOST, DB_NAME, USERNAME, and PASSWORD) to connect to a same database
How to share models? I'll describe two options here.
Creating a Django App to contain your models(Recommended)
You can create a Django app to contain your shared models. This tutorial will explain how to do that.
https://realpython.com/installable-django-app/
Then, you just need to install your app in your Django projects.
Copy Pasting your model code.
You can easily copy and paste your model codes into different projects, but syncing between them would be a problem and is not recommended.
If you have django.contrib.auth in your INSTALLED_APPS django will automatically create add, change, delete and view permissions to every model in your system (or any one you add later). These are stored in auth_permission.
In django doc, here is what we can read under Groups section:
django.contrib.auth.models.Group models are a generic way of categorizing users so you can apply permissions, or some other label, to those users. A user can belong to any number of groups.
A user in a group automatically has the permissions granted to that group. For example, if the group 'Site editors' has the permission can_edit_home_page, any user in that group will have that permission.
I've a group with no permission at all (call it NADA) and I've assign that group to a specific user (let's call him Pierre). Pierre can still connect and create, update, delete or view anything on my web interface.
How can I make it working? There's few or no doc on the web for native Django Permission.
I've read this nice publication
django-permission-apps-comparison.
I know I could install django-guardian, django-role-permissions or
django-rules...
I know we can manage access via middleware or decorator But since django IS creating these tables for us (user, groups, permissions and group_permissions)
I thought it was extremely simple to implement CRUD access to any model class!
Wrong?
Do I miss something?
Note: Working with Python3.6 and Django 2.1.3
Django permissions are simple. As far as I understand your question, you are trying to create a user with no permission and he should not see any entries on the Django admin.
First thing is to make sure the user is not marked as "superuser", the superuser sees everything no matter which group they are added in.
If he is not a superuser and is still able to see the model then you should make sure he is not part of multiple groups. If a user is in multiple groups then a union of all permissions is what is applied to them. This link will give you more details on different flags for a user https://djangobook.com/users-groups-permissions/. Let me know if this helps.
I'm developing a management software. And I need create a module for manage the permissions and groups using the auth of django. I dont want use the admin django because this just allow log in for super users.
I want override the admin route and create a form with the same features from the admin site. If is possible, I want use the widget for the assignment of permission and group.
I need all this built into an app because I need this to work for this and other projects.
I have already written a custom form to add, edit and view users extending the class UserCreationForm, I need something similar to that.
I hope you can help me...
First things first: don't do this!
Creating your own Django admin site is a load of work, and likely to be insecure etc. Your'e opening a giant can of worms here.
If you need members of your app to edit permissions, they do not have to be superusers! Users with is_staff = True can all access the admin site. Once you've set this for the users you want, go ahead and configure the exact permissions for this type of user.
Start with the official docs on user permissions.
In a typical database, admin can assign users and can create tables which can be accessed by only a particular set of users or groups. One can also create queries that can be made by certain users in a database like MySQL.
Does Django provide any such functionality or is is it only the Django ADMIN Interface that does this?
I am aware that the admin can create users and provide them with permissions for working with app models.
Django by itself doesn't provide access to the database-level users / groups / permissions, because it doesn't make much sense for a typical web application where all connections will be made with the same database user (the one defined in settings.DATABASES). Note that it's not a shortcoming be really the standard for web applications.
What Django provides is application-level users / groups / permissions (cf https://docs.djangoproject.com/en/1.8/topics/auth/). You have access to this application-level layer thru the admin but also - of course - programmatically thru the django.contrib.auth package.
Yes, you can do that.
Django defined these models in module django.contrib.auth.models
You can import all models from there like Group, Permission and all.
from django.contrib.auth.models import *
If you want to list all django auth models you can see them in mysql/or other database too by prefix auth_* e.g, in mysql
show tables like "%auth%";
Over these models you can use django ORM.
I'm building a web application where I have 2 sets of users (students and teachers). Teachers should be able to create their account, create a page of their content. Students should be able to create an account to sign up for this content. I am currently using django-registration to handle registration but I am wondering what's the best way to handle these 2 sets of users and still be able to use the Django authentication framework? I have heard about having multiple profiles but would like some opinions.
Thanks!
You could use permissions. When they sign up if they're a Teacher give them content creation permissions. If they're a student they don't get the permissions.
In the user profile I would just have a field that says which type they are. Unless a lot of the data is different I wouldn't have two user profiles.