Is there any way to create a group model with permissions already estabilished? I'm trying to create a system with at least 4 pre defined user types, and each user type will have some permissions.
Yes just create your desired groups in admin panel and add your permissions to each group then assign your users to the defined groups.
You can add the Group and Permissions creating commands to a migration, using the RunPython operation.
Related
I need advice. I want to make 3 types of user:
member (only nickname/password/email)
company (nickname/password/email/company/regon + permision for edit model)
admin
My question is about how to make model for these users:
make big model for member and company together but field which are only for comapny make empty for member. Next to by admin panel i can make group and add "comapny" ppl
make 2 type of user (here i will need advice like what i should use on it) and seperate website register for member and company and login should be the same form.
You can achieve this simply by creating a Boolean field for each type of user (member, company, admin) in your User model. Save the different type of users from different URLs, when save just change the Boolean flag into True. Then, you can handle the user in view like if user_type.member: and so on. It also can be achieved by using Enum (choice) field.
Is it possible to add multiple admins in Django's admin panel and how I will register them(they need to have the same rights)? And also is it possible to add another 2 roles to the panel with different rights?
I read a lot about it and can't find the answer.
I will really appreciate your help!
You can just create/modify a user and while creating a user you can select their role if they are admin, staff, etc. You can also customize user's permissions when you create their account or if the accounts are already created you can modify it.
To avoid having to assign permission's again and again, i would suggest you create a new group and add the permission that the user in that group should have and then assign the desired user in that group.
If you have django.contrib.auth in your INSTALLED_APPS django will automatically create add, change, delete and view permissions to every model in your system (or any one you add later). These are stored in auth_permission.
In django doc, here is what we can read under Groups section:
django.contrib.auth.models.Group models are a generic way of categorizing users so you can apply permissions, or some other label, to those users. A user can belong to any number of groups.
A user in a group automatically has the permissions granted to that group. For example, if the group 'Site editors' has the permission can_edit_home_page, any user in that group will have that permission.
I've a group with no permission at all (call it NADA) and I've assign that group to a specific user (let's call him Pierre). Pierre can still connect and create, update, delete or view anything on my web interface.
How can I make it working? There's few or no doc on the web for native Django Permission.
I've read this nice publication
django-permission-apps-comparison.
I know I could install django-guardian, django-role-permissions or
django-rules...
I know we can manage access via middleware or decorator But since django IS creating these tables for us (user, groups, permissions and group_permissions)
I thought it was extremely simple to implement CRUD access to any model class!
Wrong?
Do I miss something?
Note: Working with Python3.6 and Django 2.1.3
Django permissions are simple. As far as I understand your question, you are trying to create a user with no permission and he should not see any entries on the Django admin.
First thing is to make sure the user is not marked as "superuser", the superuser sees everything no matter which group they are added in.
If he is not a superuser and is still able to see the model then you should make sure he is not part of multiple groups. If a user is in multiple groups then a union of all permissions is what is applied to them. This link will give you more details on different flags for a user https://djangobook.com/users-groups-permissions/. Let me know if this helps.
The goal
Being able to automatically create few groups with predefined permissions (including permissions created automatically by django.contrib.auth.signals).
My Struggle
Apparently there are two ways to do this:
fixtures
signals
The problems with going with the first option are:
You can't possibly know, before hand (except maybe by running the script once and noting the IDs on paper), what are the IDs of the predefined permissions (add_, delete_, change_). -
If you decide to create your own permissions you also don't know how to populate the "pk" field in the fixture, giving that some permissions have already been created.
The problem with going with the second option is:
Apparently your signals are run before any other signals, including django.contrib.auth.signals, therefore you are not able to call its predefined permissions and add them to your groups.
Not only that, but with a simple:
def create_initial_groups(**kwargs):
staff_group = Group(name = 'Staff')
clients_group = Group(name = 'Clients')
staff_group.save()
clients_group.save()
and:
signals.post_syncdb.connect(
create_initial_groups,
dispatch_uid = 'unique_app_identifier.listeners.create_initial_groups'
)
I get an:
django.db.utils.IntegrityError: duplicate key value violates unique
constraint "auth_group_name_key" DETAIL: Key (name)=(Staff) already
exists.
Even with a clean database (running drop schema public cascade; create schema public; on psql before python manage.py syncdb).
Question
So, what's the cleanest way, if any exists, to prepopulate the database with few groups and permissions?
If you can associate those custom permissions with your models, try defining them under the permissions attribute inside model's Meta class.
Create fixtures for your custom groups, but use natural keys when serializing them, so that they refer to related permissions by their name rather than pk.
I will be creating an intranet site with multiple roles (client-employee, client-admin, staff team member). Each role will have a model that attaches (via One-to-One or ForeignKey field) to a user with custom fields. I want each role to have it's own set of permissions (like a group).
How can I store this permissions set inside my application. Groups seem to be defined as part of the contrib.admin app rather than in code. I couldn't find anything in documentation on how to define a group.
What is the best way to handle model level permissions. Maybe I could do a check in the model if see if the user has the right role-model.
Access control lists are tricky (some say dead), but Django comes with a good default implementation in contrib.auth equipped with:
Users
Permissions: Binary (yes/no) flags designating whether a user may perform a certain task.
Groups: A generic way of applying labels and permissions to more than one user.
A more detailed introduction can be found here:
http://parand.com/say/index.php/2010/02/19/django-using-the-permission-system/