Hi everyone I am new to django tastypie framework and I am trying to make a simple api which has IOS clients.I am trying to implement authorization in such a way that one user can not modify other users data i.e one user can not upload images on behalf of other user.Users should only allowed to make changes to their database records.After surfing from last two days I couldn't able to find any tutorial in implement the same.can anyone let me know the links to do the same.Thank You.
You can use django-guardian. And here is a gist with a custom Authorization class you can use in conjunction with that.
Related
My Problem is, I want to create a extra website on a phpBB forum to provide extra stuff and registration for meeting. No problem I know django and python, so this is no problem.
But I would be nice, if I could accept a session from a user or import the phpBB users so that they can login to my app.
I found django-phpBB, but I don't want to access the data. If I read correctly, my case is not the use case of django-phpBB.
Can anybody give me a good advice?
I have to complete a task below:
I have to implement salesforce integration. Which include fetching user token from salesforce using OAuth2. Once I have the token I need to fetch the list of Users, Accounts, and Contacts from salesforce and store it in the database.
I need to write the code in Django and not supposed to use any existing third-party salesforce integration app?
Please suggest me resources or algorithm to achieve the solution.
You probably need this https://www.youtube.com/watch?v=cViU2-xVscA, he has clearly mentioned the steps for creating a user account and then connected app creation and then managing our endpoint, and yes the above-mentioned docs will not harm.
I'm currently working with some people to develop an application that will display a "sound library" when the user selects an option on their voip phone. The idea is that the phone system will pass a url with a device id in it, and that will open the django app to the users' library. I was told to remove login/user authentication in order to make the process easier for the user. My question is, is there a way to create a user field and save the model for future retrieval via the url request alone? Do I need to pass the device id to some hidden form first and redirect to the main page, and query the users' objects via the device id? I know there are security concerns but was wondering if it's even possible, any help is appreciated!
You should try using Djago REST Framework, it will make it easy to retrieve data with urls using unique identifier.
I'm working on a Django project and wanted its users to have the ability to create a Gmail account directly through our site.
Is anyone familiar with a way to do so?
If not, I was thinking of embedding Google's account creation page directly into the Django site, but I'm still unsure of how to do that.
Any suggestions would be great.
Thanks!
I'm building an app with a Django backend, Angular frontend, and a REST API using Django REST Framework for Angular to consume. When I was still working out backend stuff with a vanilla frontend, I used the provided Django authentication to handle user auth- but now that I'm creating a REST based app, I'm not sure how to approach authentication.
Since all user data will be either retrieved or submitted via the API, should API authentication be enough? If so, do I need to remove the existing Django authentication middleware?
Right now, when I try to hit API endpoints on an early version of the app, I'm directed to what looks like the normal Django login form. If I enter a valid username and password, it doesn't work- just prompts to login again. Would removing the basic Django authentication prevent this? I want to be prompted to login, however I'm not sure how to handle that with these technologies.
The package django-rest-auth seems useful, and the same group makes an Angular module- but the docs don't go much past installation and the provided endpoints. Ultimately, I think the core of this question is: how do I entirely switch authentication away from what's provided by Django to something like django-rest-auth or one of the other 3rd party packages recommended by DRF?
edit: I made this comment below, but I realized that I need to figure out how combined auth will work. I'm not building a single page app, so individual basic pages will be served from Django, but each page will hit various API endpoints to retrieve the data it needs. Is there a way to have something like django-rest-auth handle all authentication?
To anyone that stumbles onto this question, I couldn't figure out how to make the hybrid approach work. Having Django serve pages that each contained API calls seemed OK, but I never saw any requests made to the API- I believe due to some other security issues. I'm sure it's possible, but I decided to go for the single page app implementation after all to make things simpler.