In a typical database, admin can assign users and can create tables which can be accessed by only a particular set of users or groups. One can also create queries that can be made by certain users in a database like MySQL.
Does Django provide any such functionality or is is it only the Django ADMIN Interface that does this?
I am aware that the admin can create users and provide them with permissions for working with app models.
Django by itself doesn't provide access to the database-level users / groups / permissions, because it doesn't make much sense for a typical web application where all connections will be made with the same database user (the one defined in settings.DATABASES). Note that it's not a shortcoming be really the standard for web applications.
What Django provides is application-level users / groups / permissions (cf https://docs.djangoproject.com/en/1.8/topics/auth/). You have access to this application-level layer thru the admin but also - of course - programmatically thru the django.contrib.auth package.
Yes, you can do that.
Django defined these models in module django.contrib.auth.models
You can import all models from there like Group, Permission and all.
from django.contrib.auth.models import *
If you want to list all django auth models you can see them in mysql/or other database too by prefix auth_* e.g, in mysql
show tables like "%auth%";
Over these models you can use django ORM.
Related
I'm working on a mobile application where the backend is done by Dango but all the authentication and real-time database are in firebase
is there any way to integrate a Django admin with firebase instead of using firebase admin?
if not, can firebase admin be used with python to create an admin role and has the same permissions which Django gives to admin? and how to introduce the created role if possible to Django?
One of the many beauties of Django is the admin interface, which I use all the time. Django relies on certain types of databases - namely relational databases. With NoSQL databases, you lose Django admin. If you want to Firebase with Python, I would recommend Flask.
I'm developing a management software. And I need create a module for manage the permissions and groups using the auth of django. I dont want use the admin django because this just allow log in for super users.
I want override the admin route and create a form with the same features from the admin site. If is possible, I want use the widget for the assignment of permission and group.
I need all this built into an app because I need this to work for this and other projects.
I have already written a custom form to add, edit and view users extending the class UserCreationForm, I need something similar to that.
I hope you can help me...
First things first: don't do this!
Creating your own Django admin site is a load of work, and likely to be insecure etc. Your'e opening a giant can of worms here.
If you need members of your app to edit permissions, they do not have to be superusers! Users with is_staff = True can all access the admin site. Once you've set this for the users you want, go ahead and configure the exact permissions for this type of user.
Start with the official docs on user permissions.
When working with databases with Django, it automatically creates 12 default tables in the database.
I understand that I need dango_session for storing the session and probably django_site. But why do I need the others?
In PHP I used to store users in my own custom tables. Shouldn't I do that anymore?
The tables are created because you have django.contrib.auth, django.contrib.sessions, and so on in your INSTALLED_APPS setting. You shouldn't delete the tables if the apps are installed, as Django will expect them to exist.
None of the contrib apps are required to run Django. However, I highly recommend that you use the Django auth and sessions app instead of writing your own. For example, if you use the auth app, you don't need to worry about how to hash passwords, and there are lots of helpful views included to log users in, reset passwords and so on.
I am developing a Django app being a Web frontend to some Oracle database with another local DB keeping app's data such as Guardian permissions. The problem is that it can be modified from different places that I don't have control of.
Let's say we have 3 models: User, Thesis and UserThesis.
UserThesis - a table specifying relationship between Thesis and User (User being co-author of Thesis)
Scenario:
User is removed as an author of Thesis by removing entry in UserThesis table by some other app.
User tries to modify Thesis using our Django app. And he succeeds, because Guardian and Django do not know about change in UserThesis.
I thought about some solutions:
Having some cron job look for changes in UserThesis by checking the modification date of entry. Easy to check for additions, removals would require looking on all relationships again.
Modifying Oracle DB schema to add Guardian DB tables and creating triggers on UserThesis table. I wouldn't like to do this, because of Oracle DB being shared among number of different apps.
Manually checking for relationship in views and templates (heavier load on Oracle).
Which one is the best? Any other ideas?
I decided to go with manually checking the permissions, caching it whenever I can. I ended up with get_perms_from_cache(self, user) model method which helps me a lot.
I want to monkey patch the user model from Django.
My code:
from django.db import models
from django.contrib.auth.models import User
User.add_to_class('secret_question', models.CharField(max_length="100"))
User.add_to_class('answer', models.CharField(max_length="100"))
User.add_to_class('DOB', models.DateField())
Where do I place this code so that python manage.py syncdb will create the correct table?
I tried the main directory models.py, I tried an app's directory's models.py (these two didn't produce the correct table), and I tried placing it in the settings.py of the project (error, couldn't run).
Please take a look at Storing additional information about users section of the authentication documentation. It suggests a cleaner way to add additional information to a User object.
If you'd like to store additional information related to your users, Django provides a method to specify a site-specific related model -- termed a "user profile" -- for this purpose.
If you really want to monkey patch user model, there already exists an app for this.
Django-primate
A modular django user.
This Django application monkey patches
django in order to have a custom User
model that plugs into the
django.contrib.auth application.