I am configuring access control for a web application based on the Pyramid framework. I am setting up permissions for my view callables using the @view_config decorator. I have two permissions, namely 'read' and 'write'. Now, I want certain views to require both permissions. I was unable to figure out how to do this with view_config - am I missing something, or is there maybe another way to do this?
Make a readwrite permission. Each view gets one and only one permission but each principal can be mapped to many permissions.
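To make the answer concrete, here is an added example that is not part of the original answer and does not import Pyramid: a small, self-contained re-implementation of Pyramid-style ACL evaluation (ordered ACEs, first matching entry wins, a Deny placed before an Allow takes effect, no match means denied). The ACL, view table, group names and the hypothetical 'readwrite' permission are constructed for the illustration. It shows each view declaring exactly one permission while a principal such as group:editors is mapped to several, including the combined one.

```python
# Added example, not Pyramid's own code: a minimal ACL evaluator with the
# same ordering semantics Pyramid documents, used to demonstrate giving each
# view one permission while mapping a principal to many permissions.
Allow, Deny = "Allow", "Deny"
Everyone, Authenticated = "system.Everyone", "system.Authenticated"


def permits(acl, principals, permission):
    """Walk the ACL in order; the first ACE that names one of the caller's
    principals AND the requested permission decides. No match -> denied."""
    for action, principal, perms in acl:
        if isinstance(perms, str):
            perms = (perms,)
        if principal in principals and permission in perms:
            return action == Allow
    return False


# Constructed ACL for a document resource. 'readwrite' is a separate
# permission granted only to principals that should hold read AND write.
# The Deny entry is listed first so a suspended editor loses access even
# though a later Allow would match.
DOCUMENT_ACL = [
    (Deny, "group:suspended", ("read", "write", "readwrite")),
    (Allow, "group:readers", "read"),
    (Allow, "group:editors", ("read", "write", "readwrite")),
    (Allow, Everyone, "view-landing"),
]

# One permission per view callable, as with @view_config(permission=...).
# Constructed view table for the example.
VIEW_PERMISSIONS = {
    "view_document": "read",
    "append_comment": "write",
    "edit_document": "readwrite",  # the view that needs both read and write
    "landing": "view-landing",
}


def effective_principals(userid, groups):
    """Roughly what a security policy yields: Everyone always, plus
    Authenticated, the user id and group principals for a logged-in user."""
    principals = {Everyone}
    if userid is not None:
        principals |= {Authenticated, f"user:{userid}"}
        principals |= set(groups)
    return principals


def can_call(view_name, userid, groups, acl=DOCUMENT_ACL):
    """True if the caller may invoke the named view under the ACL."""
    permission = VIEW_PERMISSIONS[view_name]
    return permits(acl, effective_principals(userid, groups), permission)


if __name__ == "__main__":
    callers = [
        ("bob", ["group:readers"]),
        ("alice", ["group:editors"]),
        ("eve", ["group:editors", "group:suspended"]),
        (None, []),
    ]
    for user, groups in callers:
        allowed = [v for v in VIEW_PERMISSIONS if can_call(v, user, groups)]
        print(f"{user or 'anonymous'}: {allowed}")
```

The security-relevant detail is the ordering: because evaluation stops at the first matching ACE, the Deny for group:suspended must precede the Allow for group:editors, otherwise a suspended editor keeps full access. Granting 'readwrite' alongside 'read' and 'write' to the same principals keeps the view-level declaration to a single permission.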
The login_required, user_passes_test and permission_required decorators only apply to specific functions, and similarly for the mixin. But is it good practice to put @permission_required('polls.add_choice') on each and every view that requires such a permission?
I think it is quite common for multiple views to have the same permission. For example, you have an employer and a job seeker, and only the employer can add the company name/address, post a job and check job applications. It is also common that the website requires login for most of its pages.
So my question is: what are the idioms/practices for assigning the same permission to multiple views? The only recipe I can find is Beginning Django - Listing 10-8, permission checks in urls.py for include() definitions. Another approach is to put the view functions inside a class (as static methods) and do some trick to add the permission to all methods.
Is there any better solution? Or any reason not to do that?
I think that in this case it is most ideal to use Django's groups system.
It's totally OK to use the same permission for several views, because in some cases there are more views than the 4 CRUD views, and 2 views can be intended for the same user/role/groups.
It also depends on the number of online users of your site.
If there are thousands of users online, try to cache those wrappers.
Or rewrite it all as an API.
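The urls.py recipe mentioned in the question, as an added example that is not part of the thread: one permission check is applied to a whole group of routes at the routing layer, so the views themselves stay undecorated. This is framework-independent Python modelled on Django's permission_required decorator; the User, Request, dispatch function, route list and the permission name 'jobs.manage_postings' are constructed stand-ins, not Django objects or a real project's permissions.

```python
# Added example, not Django's code: protect a group of routes with one
# permission at the routing layer. The objects below are constructed
# stand-ins that mimic the attributes Django's decorators rely on.
from dataclasses import dataclass, field
from functools import wraps


@dataclass
class User:
    username: str = ""                       # empty username = anonymous
    perms: set = field(default_factory=set)  # e.g. {"jobs.manage_postings"}

    @property
    def is_authenticated(self):
        return bool(self.username)

    def has_perm(self, perm):
        return perm in self.perms


@dataclass
class Request:
    path: str
    user: User


def permission_required(perm):
    """Decorator: 401 for anonymous callers, 403 for authenticated callers
    without the permission, otherwise run the view (like Django's
    permission_required with raise_exception=True, minus the redirect)."""
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            if not request.user.is_authenticated:
                return (401, "login required")
            if not request.user.has_perm(perm):
                return (403, "forbidden")
            return view(request, *args, **kwargs)
        return wrapper
    return decorator


def protected(perm, patterns):
    """Wrap every (path, view) pair with the same permission check, the
    way the urls.py/include() recipe does for a whole sub-tree of routes."""
    return [(path, permission_required(perm)(view)) for path, view in patterns]


# Constructed employer-only views; note they carry no decorator themselves.
def post_job(request):
    return (200, "job posted")


def company_profile(request):
    return (200, "profile saved")


def applications(request):
    return (200, "applications listed")


def home(request):
    return (200, "welcome")


EMPLOYER_PERM = "jobs.manage_postings"  # assumed custom permission name

urlpatterns = [("/", home)] + protected(EMPLOYER_PERM, [
    ("/jobs/post", post_job),
    ("/company/profile", company_profile),
    ("/jobs/applications", applications),
])


def dispatch(request):
    """Minimal router: call the view registered for the exact path."""
    for path, view in urlpatterns:
        if path == request.path:
            return view(request)
    return (404, "not found")


if __name__ == "__main__":
    employer = User("acme", {EMPLOYER_PERM})
    for who in (User(), User("seeker"), employer):
        print(who.username or "anonymous", dispatch(Request("/jobs/post", who)))
```

The caveat a reviewer should keep in mind with this approach: the check is bound to the route entry, not to the function, so the plain post_job function above still returns 200 when called directly. If the same view is later included under a second, unwrapped URL pattern, it is exposed there without any check, which is the main argument for decorating the view (or using the mixin on a class-based view) when a view must never run unprotected.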
I'm developing a piece of management software, and I need to create a module to manage permissions and groups using Django's auth. I don't want to use the Django admin because it only allows superusers to log in.
I want to override the admin route and create a form with the same features as the admin site. If possible, I want to use the widget for assigning permissions and groups.
I need all of this built into an app because I need it to work for this and other projects.
I have already written a custom form to add, edit and view users by extending the UserCreationForm class; I need something similar to that.
I hope you can help me...
First things first: don't do this!
Creating your own Django admin site is a lot of work, and likely to be insecure, etc. You're opening a giant can of worms here.
If you need members of your app to edit permissions, they do not have to be superusers! Users with is_staff = True can all access the admin site. Once you've set this for the users you want, go ahead and configure the exact permissions for this type of user.
Start with the official docs on user permissions.
Is it possible to change attributes of a user in LDAP via Django?
As of now, I can't find any solution on the Internet.
I have the django-auth-ldap backend and I can log in as a user (GUI). But I can't change any of their attributes, i.e. I can't change the name.
What do I have to write or extend? If you have any idea let me know.
Do I have to write in my views, models, forms or whatever?
I have built an oauth provider using django-oauth-toolkit.
I would now like to allow users of my client application to log in through this provider.
My understanding is that django-allauth is the ideal tool for this.
I see that django-allauth has a special folder for each provider, and in this folder there is a special file called provider.py. For example, this is the folder for the github provider.
Should I be creating something similar to this folder, specifically for my custom provider? Or is there an easier/better way to do this?
Based on what the documentation says, it discovers new providers based on INSTALLED_APPS. So yes, you will need a Django app that has the same structure and includes a provider.py. You should be able to use a new app or an existing one.
This is from the docs:
When an existing provider doesn't quite meet your needs, you might find yourself needing to customize a provider. This can be achieved by subclassing an existing provider and making your changes there. Providers are defined as django applications, so typically customizing one will mean creating a django application in your project, containing your customized urls.py, views.py and provider.py files. What behaviour you can customize is beyond the scope of this documentation.
Also, a note about the contents of the provider.py file:
In your provider.py file, you will need to expose the provider class by having a module level attribute called provider_classes with your custom classes in a list. This allows your custom provider to be registered properly on the basis of the INSTALLED_APPS setting.
This is an interesting article that explains this topic:
https://raphaelyancey.fr/en/2018/05/28/setting-up-django-oauth2-server-client.html
I know that Django has a permission/group system. But that's mostly tied to each model. (Correct me if I'm wrong.)
My purpose is to have groups that can do multiple stuff. For example, one group can write to this and that. One group can edit this and that in different servers, different databases. Basically, it's beyond the model system.
I just want a custom groups system that's not tied to any model.
Three permissions are generated per model by default, but you can define additional permissions that you can use for other purposes. From there, the permissions decorator can handle authorization.
You need an app like django-guardian or something similar to handle object-level permissions, rather than model-level ones.