django-permissions

How to add django rest framework permissions on specific method only ?

穿精又带淫゛_ 提交于 2019-12-29 06:14:19
问题 I have following functions in rest API for User model. I want to set AllowAny permission on only POST request. Can someone help me out. class UserList(APIView): """Get and post users data.""" def get(self, request, format=None): """Get users.""" users = User.objects.all() serialized_users = UserSerializer(users, many=True) return Response(serialized_users.data) def post(self, request, format=None): """Post users.""" serializer = UserSerializer(data=request.data) if serializer.is_valid():

Add staff user permissions in admin with custom user model

牧云@^-^@ 提交于 2019-12-24 10:39:53
问题 There are a number of questions about this, but they all seem slightly different to what I need. I have a custom user model in my core app in models.py in django: from django.db import models from django.contrib.auth.models import * from django.contrib.auth.models import ( AbstractBaseUser, BaseUserManager, PermissionsMixin, ) class UserManager(BaseUserManager): def create_user(self, email, password=None, **extra_fields): """Creates and saves a new user""" pl = Permission.objects.filter

Django admin - giving users access to specific objects/fields?

余生颓废 提交于 2019-12-23 09:47:03
问题 I need to make an "owners" login for the admin. Say we have this model structure: class Product(models.Model): owner = models.ManyToManyField(User) name = models.CharField(max_length=255) description = models.CharField(max_length=255) photos = models.ManyToManyField(Photo, through='ProductPhoto') class Photo(models.Model): order = models.IntegerField() image = models.ImageField(upload_to='photos') alt = models.CharField(max_length=255) class ProductPhoto(models.Model): photo = models

Django admin - giving users access to specific objects/fields?

馋奶兔 提交于 2019-12-23 09:46:39
问题 I need to make an "owners" login for the admin. Say we have this model structure: class Product(models.Model): owner = models.ManyToManyField(User) name = models.CharField(max_length=255) description = models.CharField(max_length=255) photos = models.ManyToManyField(Photo, through='ProductPhoto') class Photo(models.Model): order = models.IntegerField() image = models.ImageField(upload_to='photos') alt = models.CharField(max_length=255) class ProductPhoto(models.Model): photo = models

best way to implement privacy on each field in model django

可紊 提交于 2019-12-23 03:43:22
问题 I am trying to provide privacy settings at the model's field level for users. So a user can decide which data he wants to display and which data he wants to hide. Example: class Foo(models.Model): user = models.OneToOneField("auth.User") telephone_number = models.CharField(blank=True, null=True, max_length=10) image = models.ImageField(upload_to=get_photo_storage_path, null=True, blank=True) I want to provide an option to the user to select the fields which he wants to display and which he

Adding new custom permissions in Django

纵然是瞬间 提交于 2019-12-20 07:59:24
问题 I am using custom permissions in my Django models like this: class T21Turma(models.Model): class Meta: permissions = (("can_view_boletim", "Can view boletim"), ("can_view_mensalidades", "Can view mensalidades"),) The problem is that when I add a permission to the list it doesn't get added to the auth_permission table when I run syncdb. What am I doing wrong. If it makes any difference I am using south for database migrations. 回答1: South does not track django.contrib.auth permissions. See

How to restrict my students to don't access teacher area in django? [closed]

两盒软妹~` 提交于 2019-12-18 09:52:25
问题 Closed . This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 4 months ago . I'm creating a website where there is two types of users, Students and Teachers. I had created one register and login page for authentication. Now by default all the users who sign up will be the students and can access the videos and also accessing teachers area (I did the

How to restrict my students to don't access teacher area in django? [closed]

泪湿孤枕 提交于 2019-12-18 09:52:17
问题 Closed . This question needs to be more focused. It is not currently accepting answers. Want to improve this question? Update the question so it focuses on one problem only by editing this post. Closed 4 months ago . I'm creating a website where there is two types of users, Students and Teachers. I had created one register and login page for authentication. Now by default all the users who sign up will be the students and can access the videos and also accessing teachers area (I did the

Invalid Literal error when adding a user permission to a Django user object

喜欢而已 提交于 2019-12-18 05:00:12
问题 I've got a model defined in my Django app foo which looks like this: class Bar(models.Model): class Meta: permissions = ( ("view_bar", "Can view bars"), ) I've run manage.py syncdb on this, and sure enough, it shows up in the auth_permissions table: id|name|content_type_id|codename 41|Can view bars|12|view_bar However, when I try adding that permission to a user object in a view, like so: request.user.user_permissions.add('foo.view_bar') The code blows up with the following exception: invalid

Django rest-framework per action permission

≡放荡痞女 提交于 2019-12-17 23:03:46
问题 I'm a newbie in developing with Django + Django Rest-framework and I'm working on a project that provides REST Api access. I was wondering what is the best practice to assign a different permission to each action of a given ApiView or Viewset. Let's suppose I defined some permissions classes such as 'IsAdmin', 'IsRole1', 'IsRole2', ..., and I want to grant different permissions to the single actions (e.g. a user with Role1 can create or retrieve, a user with Role2 can update, and only an