Menu
I would love to have more granular permission in my Django project, but can't decide what app to use. What I have is something like:
class Item(models.Model):
name = models.CharField(max_length=64, unique=True)
description = models.CharField(max_length=128, default='')
logo = ImageField(upload_to=/tmp, blank=True, null=True)
Now with Django standard permissions I have the possibility to choose between add, change and delete, what I want to have is an extended change permission, to offer the ability to give group rights only to change the logo for example, but disallow that same group to modify the item description. I don't want or need a user to entry relation, but simply give the possibility to different groups to edit single fields of a model using the standard admin interface. I'm even not sure if I am talking about per-object permission?
Does anyone know what's best to use or how I would implement it myself? I could also imagine to have read-only users who can access/read everything but won't be able to modify, this isn't possible neither.
Thanks for any help.
668
Django provides an authentication and authorization ("permission") system, built on top of the session framework discussed in the previous tutorial, that allows you to verify user credentials and define what actions each user is allowed to perform.
With Django, you can create groups to class users and assign permissions to each group so when creating users, you can just assign the user to a group and, in turn, the user has all the permissions from that group. To create a group, you need the Group model from django. contrib. auth.
To test which users have basic permissions, you can use the following code. view: user. has_perm('product. view_order') Adding permissions to restrict a function to only users that have that particular permission can be done by using a Django built-in decorator, permission_required .
The most flexible but way would be to:
can_modify_descr) As far as I can see this is the only way to achieve what you want, but also requires a lot of work.
188
One simple way to achieve that is to create many ModelAdmin for the same model (one for each "group"). To do that you need to create one Proxy Models for each "group" like this:
models.py
class Item(models.Model):
name = models.CharField(max_length=64, unique=True)
description = models.CharField(max_length=128, default='')
logo = ImageField(upload_to=/tmp, blank=True, null=True)
class ItemGroup1(Item):
class Meta:
proxy = True
admin.py
class ItemAdmin(models.ModelAdmin):
...
class ItemGroup1Admin(models.ModelAdmin):
readonly_fields = ('logo', 'description')
And then you just need to set the permissions of group 1 to only have access to ItemGroup1, etc.
See this post for more info: Using Proxy Models to Customize the Django Admin
25
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
