Limiting access to data through user permissions?

[Will Meyers]

Just need some help getting over a wall I've hit.

I have a web application that whenever a user signs up, is assigned a 
License. This License has CustomPermissions attached to it telling what 
values of a field within a materialized view they have access to. I have an 
API that needs to filter data requested against the User who requested it 
based on the User's license. I drafted some example models below that 
outlines my problem.

class CustomPermission(models.Model):
name = models.CharField(max_length=255)
field = models.CharField(max_length=255)
value = models.CharField(max_length=255)

class License(models.Model):
name = models.CharField(max_length=255)
permissions = models.ManyToManyField(CustomPermissions)
...

class User(AbstractBaseUser):
license = models.ForeignKey(License, on_delete=models.CASCADE)
...

This works fine if I'm only filtering columns with text values. I can just 
do

...
user = request.user
permissions = user.license.permissions.values_list('field', 'value')
return queryset.objects.filter(**{field: value for field, value in permissions})

This issue is that I cannot filter against other datatypes (datetimes for 
example). If I wanted to limit access to data published in the last 90 days 
for example, there's no way to represent that in this model.

To solve this I was thinking of using a sparse table for the 
CustomPermission model. Something like

class CustomPermission(models.Model):
name = models.CharField(max_length=255)
field = models.CharField(max_length=255)
operation = models.CharField(max_length='32')
text_value = models.CharField(max_length=255, null=True, blank=True)
date_value = models.DateField(null=True, blank=True)

Where operation would be equal to '__gt', '__lt', ... things like that. I 
can then just do something similar as before

...
user = request.user
permissions = user.license.permissions.values_list('field', 'operation', 
'text_value', 'date_value')return queryset.objects.filter(**{fld + op: txt_val 
or dat_val for fld, op, txt_val, dat_val in permissions})

But this does not feel right, and can get messy quickly. Any suggestions?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/1f8f1c2a-4c21-48a0-ae4d-a128f79a3d0co%40googlegroups.com.

User permissions

[Joel Mathew]

How are you implementing user permission groups in your project? I'm using
a model to store user and other models as foreign key and permissions as
boolean? Is there a preferred module or standard way to do this?

Sincerely yours,

 Joel G Mathew

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAA%3Diw_-q4HqkxoUnaO1ij%2BKanW-wJKV-xL6NufcuPboVfNMPRQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

How to save user permissions from custom user edit form

[DJ-Tom]

Hi,

I have created the following user form for my custom user model:

class UsersForm(ModelForm):
class Meta:
model = UserAccount
fields = ('is_active', 'is_superuser', 'is_templog', 'is_crewreg', 
'is_spaceman','first_name', 'last_name',
  'company', 'address1', 'address2', 'address3', 'zipcode', 
'city', 'country', 'email', 'favourite_event',
  'user_permissions')

def __init__(self, *args, **kwargs):
super(UsersForm, self).__init__(*args, **kwargs)
self.fields['country'].required = False
self.fields['user_permissions'].widget.attrs['class'] = 'input-xxlarge'
self.fields['user_permissions'].widget.attrs['style'] = 
'min-height:150px'
self.fields['user_permissions'].help_text = 'Specific permissions for 
this user. Hold down "Control", or "Command" on a Mac, to select more than one.'



But when I save it via form.save(), any changed permissions are not saved. 
What do I have to do to change this? 

thanks 
Thomas

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/7c11c2b2-4c2e-46d5-93cd-97924cf79bc9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: logged in user permissions and roles caching

[James Schneider]

On Wed, Jan 20, 2016 at 10:06 PM, Eddilbert Macharia 
wrote:

> Hello guys I'm a little bit confused... .  When using django all that
> is, permissions and roles He is my understanding of how django
> works. On each request made my by a client django creates a request
> object from it And by using the authentication middleware it adds the
> logged in user to this request objectnow the unclear part
>
> Where does django get this authenticated user assuming the user is logged
> in,  and the permissions that are cached on user object?
>
> I didn't see where they were achieving this cause out of my head i would
> be using sessions to store logged in user?
>
> I saw in the source code the permissions were being cached on the user
> object which also i would have stored in the session?
>
> Enlighten me please.
>
>
Purely a guess, but to me, Django pulls fresh user information every
request because the information regarding that user may have changed since
the last request (changed permissions, etc.). Storing it in a session means
that the information would need to be serialized and written back to your
session backend at the end of the response (meaning extra process time), to
sit there only until it is then overwritten on the next request or some
other workflow causes the the session information to change (where the
session has to be queried and deserialized, more processing time). Even
worse, you now have two (or more) copies of that information in your
database, and at least one of them in a non-indexed, linearly serialized,
and comparatively bloated format. Doesn't bode well from a DB normalization
standpoint. I make it a point to never statically store information that
can be queried and/or computed from the raw data (in an optimized and
indexed DB), unless those queries end up being significantly more expensive
than storing the computed answer. To date, I haven't hit that point (to be
fair, I don't work with large data sets that require extensive analysis,
every case differs and should be profiled accordingly).

If you instead used the user info from the session (which is likely
possible using a custom auth backend), the user would not be subject to
permission changes (or more importantly, if an account gets disabled) while
the user has an active session until they log out and back in (where the
user information in the session is presumably refreshed). I suppose you
could develop a workflow to refresh the user information whenever
permissions, etc. are modified, but that just adds complication for [what I
see as] little gain.

Performing the lookup on every request is also compatible with Django
applications that do not keep a session for each user.

Again, this is purely a guess, but the behavior makes sense to me. I
suppose if you are trying to save one or two SELECT queries per page-load,
it may be worth it, but it does add complexity and more work for the DB in
addition to the extra processing required for serialization. I suppose
personal preference for the described behavior also would play a role.

If I'm incorrect here, someone please jump in.

-James

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2Be%2BciXSYzRw9NTYTL_MOnqpk0xtzM9LpY33bdf-%3DksyK7O%2BsA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

logged in user permissions and roles caching

[Eddilbert Macharia]

Hello guys I'm a little bit confused... .  When using django all that is, 
permissions and roles He is my understanding of how django works. On 
each request made my by a client django creates a request object from it 
And by using the authentication middleware it adds the logged in user to this 
request objectnow the unclear part

Where does django get this authenticated user assuming the user is logged in,  
and the permissions that are cached on user object?

I didn't see where they were achieving this cause out of my head i would be 
using sessions to store logged in user? 

I saw in the source code the permissions were being cached on the user object 
which also i would have stored in the session? 

Enlighten me please. 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/0f5b8c1a-f89a-4b7f-892b-b91b559b1c5d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: User Permissions

[Carlos Leite]

On Wed, Jul 31, 2013 at 2:01 AM, Jani Tiainen  wrote:
> On Tue, 30 Jul 2013 16:39:27 -0300
> Carlos Leite  wrote:
>
>> Django do not have a "per-row" permission system in the box.
>> You will have to create that by yourself.
>
> That is slightly incorrect - Django _does_ have foundation for object (row) 
> level permission system. There is just no default implementation in standard 
> auth

Exactly.
per row perms Is not something that you just need some configs or
fixture to use with Groups and Permis. It needs code to be written to
be used.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: User Permissions

[Jani Tiainen]

On Tue, 30 Jul 2013 16:39:27 -0300
Carlos Leite  wrote:

> Django do not have a "per-row" permission system in the box.
> You will have to create that by yourself.

That is slightly incorrect - Django _does_ have foundation for object (row) 
level permission system. There is just no default implementation in standard 
auth
module. User methods get_group_permissions, get_all_permissions, has_perm and 
has_perms does accept optional second parameter "obj" which if set anything 
else but None will check permission for spesific object instead of model.

 contains more 
info about customizing authentication backend.
 
> You may start adding something like "owner" to your content type.
> this field will be somthing like
> 
>   owner = models.ForeignKey(User)
> 
> then, based on "request.user" in your views (for instance),
> you may filter objects using .objects.filter(owner=requet.user)
> 
> hope that helps.
> 
> 
> 
> On Tue, Jul 30, 2013 at 12:39 PM,   wrote:
> > Hi All,
> >
> > I have a very simple django site.
> > The site allows the administrator to create a model which contains 5 text
> > items and then stores that to the sqlite database.
> > I have also created a user login page from a tutorial on youtube.
> > I want to be able to control which model the logged in user has access to.
> > For instance I want user "John" to be able to see logged model entries 1-5
> > and not 6-7.
> > Is this simple? How should I go about setting permissions?
> >
> > Any help is appreciated. If you would like specific code please ask.
> >
> > Thanks
> >
> >
> >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to django-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to django-users@googlegroups.com.
> > Visit this group at http://groups.google.com/group/django-users.
> > For more options, visit https://groups.google.com/groups/opt_out.
> >
> >
> 
> 
> 
> -- 
> 
> Cadu Leite
> twitter: @cadu_leite
> http://people.python.org.br/
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> For more options, visit https://groups.google.com/groups/opt_out.
> 
> 

-- 

Jani Tiainen

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: User Permissions

[John DeRosa]

Take a look at django-guardian. (http://pythonhosted.org/django-guardian/)

John

On Jul 30, 2013, at 12:39 PM, Carlos Leite  wrote:

> Django do not have a "per-row" permission system in the box.
> You will have to create that by yourself.
> 
> You may start adding something like "owner" to your content type.
> this field will be somthing like
> 
>  owner = models.ForeignKey(User)
> 
> then, based on "request.user" in your views (for instance),
> you may filter objects using .objects.filter(owner=requet.user)
> 
> hope that helps.
> 
> 
> 
> On Tue, Jul 30, 2013 at 12:39 PM,   wrote:
>> Hi All,
>> 
>> I have a very simple django site.
>> The site allows the administrator to create a model which contains 5 text
>> items and then stores that to the sqlite database.
>> I have also created a user login page from a tutorial on youtube.
>> I want to be able to control which model the logged in user has access to.
>> For instance I want user "John" to be able to see logged model entries 1-5
>> and not 6-7.
>> Is this simple? How should I go about setting permissions?
>> 
>> Any help is appreciated. If you would like specific code please ask.
>> 
>> Thanks
>> 
>> 
>> 
>> 
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to django-users@googlegroups.com.
>> Visit this group at http://groups.google.com/group/django-users.
>> For more options, visit https://groups.google.com/groups/opt_out.
>> 
>> 
> 
> 
> 
> -- 
> 
> Cadu Leite
> twitter: @cadu_leite
> http://people.python.org.br/
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> For more options, visit https://groups.google.com/groups/opt_out.
> 
> 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: User Permissions

[Carlos Leite]

Django do not have a "per-row" permission system in the box.
You will have to create that by yourself.

You may start adding something like "owner" to your content type.
this field will be somthing like

  owner = models.ForeignKey(User)

then, based on "request.user" in your views (for instance),
you may filter objects using .objects.filter(owner=requet.user)

hope that helps.



On Tue, Jul 30, 2013 at 12:39 PM,   wrote:
> Hi All,
>
> I have a very simple django site.
> The site allows the administrator to create a model which contains 5 text
> items and then stores that to the sqlite database.
> I have also created a user login page from a tutorial on youtube.
> I want to be able to control which model the logged in user has access to.
> For instance I want user "John" to be able to see logged model entries 1-5
> and not 6-7.
> Is this simple? How should I go about setting permissions?
>
> Any help is appreciated. If you would like specific code please ask.
>
> Thanks
>
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>



-- 

Cadu Leite
twitter: @cadu_leite
http://people.python.org.br/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.

User Permissions

[ghinfey]

Hi All,

I have a very simple django site.
The site allows the administrator to create a model which contains 5 text 
items and then stores that to the sqlite database.
I have also created a user login page from a tutorial on youtube.
I want to be able to control which model the logged in user has access to.
For instance I want user "John" to be able to see logged model entries 1-5 
and not 6-7.
Is this simple? How should I go about setting permissions?

Any help is appreciated. If you would like specific code please ask.

Thanks




-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.

Add chosen user Permission in User table from Avaliable user Permissions by writing code

[Nikhil Verma]

Hi All

I am in User Table from django auth and in the admin i am in change_forms
page .
I can clearly see that there is ManyToMany relationship field called
user_permission.
In user_permission filed we have choosen user permssion in which we choosen
permission gets saved.

However i want to set it from code  example everytime the user gets
selected i want some permissions(which is already persent in Available
permission box) get saved to choosen permission box from code.How can i do
this ?

-- 
Regards
Nikhil Verma
+91-958-273-3156

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Django User Permissions

[David De La Harpe Golden]

On 15/02/11 17:31, hank23 wrote:
> So my question is what type of object is returned by user.user_permissions?

First, N.B. you probably want to look at user.get_all_permissions().
user_permissions in particular doesn't represent all permissions a user
"has" in the django.contrib.auth system, only ones granted directly to
the user, not ones they have e.g. by way of group membership.

Anyway, to answer your question: User to Permission is a ManyToManyField

http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py#L218

There's involved stuff going on underneath for all such fields, but you
don't usually have to think about it - user.user_permissions winds up
being a specialized sort of Manager, with the usual manager methods -
user.user_permissions.all() etc. So the django docs for managers and
related fields apply:

http://docs.djangoproject.com/en/1.2/topics/db/managers/
http://docs.djangoproject.com/en/1.2/ref/models/relations/


> Or alternatively how can I code type check logic to figure out
> what type it is?

Python has various builtins, type(some.thing) among them.(and
dir(some.thing) will list an object's attrs). Refer to python docs, there.

But you might also want to install ipython if you haven't already.  It
provides a more full-featured interactive repl for python, that django
`./manage.py shell` will pick up and use automatically if present. Then
you can just type `some.thing?` at the shell find out all sorts of stuff
about some.thing, and have get tab completion of obj attrs and such.

http://ipython.github.com/ipython-doc/stable/html/interactive/reference.html#dynamic-object-information

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Django User Permissions

[hank23]

I'm trying to get used to working with django's user authentication
framework and want to display the permissions for a user I've created.
When I try to display the the permissions that I get back from
user.user_permissions I had assumed that something like a list would
be returned and be iterable, but it's neither. So my question is what
type of object is returned by user.user_permissions? Or alternatively
how can I code type check logic to figure out what type it is? Thanks
for the help.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Multiple Select Option Widget Like User Permissions in Admin

[Bob Hancock]

I've searched Django Snippets and I've started to debug how the Admin 
interface does it, but is there an existing widget that displays a list of 
choices in a left box and allows you to move them to a right box with a 
click like the selection of User Permissions in the Admin or the jQuery 
plugin http://goo.gl/tB8pr?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: auth user permissions

[MikeKJ]

Thx, knew I'd forgotten something


Łukasz Balcerzak wrote:
> 
> Try running "python manage.py syncdb". Hope that helps
> 
> On Nov 19, 2:00 pm, MikeKJ  wrote:
>> I have forgotten something here, added a model to a site, restarted the
>> server but the add/change/delete permission set is not showing in the
>> auth-user add permission set, what is it I have forgotten please?
>> --
>> View this message in
>> context:http://old.nabble.com/auth-user-permissions-tp30257316p30257316.html
>> Sent from the django-users mailing list archive at Nabble.com.
> 
> -- 
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/auth-user-permissions-tp30257316p30257562.html
Sent from the django-users mailing list archive at Nabble.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: auth user permissions

[lukaszb]

Try running "python manage.py syncdb". Hope that helps

On Nov 19, 2:00 pm, MikeKJ  wrote:
> I have forgotten something here, added a model to a site, restarted the
> server but the add/change/delete permission set is not showing in the
> auth-user add permission set, what is it I have forgotten please?
> --
> View this message in 
> context:http://old.nabble.com/auth-user-permissions-tp30257316p30257316.html
> Sent from the django-users mailing list archive at Nabble.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

auth user permissions

[MikeKJ]

I have forgotten something here, added a model to a site, restarted the
server but the add/change/delete permission set is not showing in the
auth-user add permission set, what is it I have forgotten please?
-- 
View this message in context: 
http://old.nabble.com/auth-user-permissions-tp30257316p30257316.html
Sent from the django-users mailing list archive at Nabble.com.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Inlines user permissions problem + view only permissions

[Vali Lungu]

Hello,

I'm not sure if this is a bug or I'm just missing something (although I have
already parsed the documentation about inlines), but:

Let's say I have a model A. Model A is an inline of model B. User U has full
access to model B, but only change permissions to model A (so, no add, nor
delete).

However, when editing model B, user U can still see the "Add another A" link
at the bottom, although U hasn't add permissions for that respective model.

What's wrong? Why does that link keep on showing? My logic says that if U
does not have permissions to add A, the link shouldn't appear anymore.

Also, ideally, I would like to give U only view rights to model A (so no
add, delete or change - only view), but I've read about that (strange, if
you ask me) philosophy according to which "If you don't trust U, just deny
him access to the admin area all together". Kind of a stupid doctrine.

Right now, I'm trying to simulate this 'view only permissions' by leaving U
with just change rights and set all fields as read only. But I think this is
kind of a stupid approach and may also cause problems like the permissions
thing above...

How does an average Django programmer like me achieve view-only permissions,
and most of all how should I get rid of the "Add another A" link at the
bottom of the admin edit form?

Thanks in advance!

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permissions to see a view

[ALJ]

I am restricting access to particular pages. The reports page doesn't
have a particular model. It's going to have some 'flat' content and
links to lots of other reports. So that is why I was confused. There
is no underlying data model for that page.

I was going to query rebus's suggestion. I didn't get how putting the
permissions there would help. It's not associated with the model that
is underlying the reports page.

However ... I tried it anyway and then checked the admin and sure
enough the permissions "can do stuff" are there. So, are you saying
that I could just create the permissions in any old model (like
UserType) and then in the User Admin create a group, associate the
relevant permissions with each group and then associate the users with
the group?

   class Meta:
permissions = (
("can_view_reports", "Can view reports"),
("can_view_appointments", "Can view appointments"),
("can_view_other_sensitive_stuff", "Can view other
sensitive stuff"),
)

(Sorry. I realise that some of you might be banging your head against
the wall, laughing ... or both. )

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permissions to see a view

[rebus_]

On 18 February 2010 14:02, Alexey Kostyuk  wrote:
> Hi ALJ!
>
> Why can not you add a model 'reports' (in your example) and add the
> required permissions?
> Also you can add custom permissions[1] to any other models of your app
> and use them.
>
> [1]http://docs.djangoproject.com/en/dev/topics/auth/#id2
>
> On Thu, 2010-02-18 at 04:29 -0800, ALJ wrote:
>> Hi Alexey,
>>
>> But how do you set a permission for a view? There's no underlying
>> model to which to add the custom meta permissions.
>>
>> ALJ
>>
>> On Feb 18, 12:48 pm, Alexey Kostyuk  wrote:
>> > On Thu, 2010-02-18 at 02:30 -0800, ALJ wrote:
>> > > First project and struggling a bit.
>> >
>> > > I have some views that I want to restrict access to, depending on user
>> > > type. How do I do that?
>> >
>> > > For example, I have a 'reports' view that I only want teachers to
>> > > see ... not students. I can't see how to create a custom permission
>> > > because there is no underlying model for the view. So do I need to
>> > > create a custom user model or would it be better to just use
>> > > profiles?
>> >
>> > > :-(
>> >
>> > You can use decorator @permission_required in your views.
>> > See link[1] for details.
>> >
>> > [1]http://docs.djangoproject.com/en/dev/topics/auth/#the-permission-requ..
>> >
>> > --
>> > Alexey Kostyuk 
>>
>
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.
>
>

Permissions are defined per Model basis.

You define a permission for each Model in Models Meta class.

class UserType(models.Model):
   id = models.CharField(max_length=3, primary_key=True)
   name = models.CharField(max_length=30)

   def __unicode__(self):
   return u'%s' % (self.name)

   class Meta:
permissions = (
("can_do_stuff", "Can do stuff"),
)

After running syncdb you can assign that custom permission to some
User or Group which will then have permission "can_do_stuff" for
objects of that Model.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permissions to see a view

[Alexey Kostyuk]

Hi ALJ!

Why can not you add a model 'reports' (in your example) and add the
required permissions?
Also you can add custom permissions[1] to any other models of your app
and use them.

[1]http://docs.djangoproject.com/en/dev/topics/auth/#id2

On Thu, 2010-02-18 at 04:29 -0800, ALJ wrote:
> Hi Alexey,
> 
> But how do you set a permission for a view? There's no underlying
> model to which to add the custom meta permissions.
> 
> ALJ
> 
> On Feb 18, 12:48 pm, Alexey Kostyuk  wrote:
> > On Thu, 2010-02-18 at 02:30 -0800, ALJ wrote:
> > > First project and struggling a bit.
> >
> > > I have some views that I want to restrict access to, depending on user
> > > type. How do I do that?
> >
> > > For example, I have a 'reports' view that I only want teachers to
> > > see ... not students. I can't see how to create a custom permission
> > > because there is no underlying model for the view. So do I need to
> > > create a custom user model or would it be better to just use
> > > profiles?
> >
> > > :-(
> >
> > You can use decorator @permission_required in your views.
> > See link[1] for details.
> >
> > [1]http://docs.djangoproject.com/en/dev/topics/auth/#the-permission-requ..
> >
> > --
> > Alexey Kostyuk 
> 


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permissions to see a view

[ALJ]

Hi Rebus,

Yeah, I got that, but where do I put the meta permissions? In which
model? The user?

>
#models.py
class UserType(models.Model):
id = models.CharField(max_length=3, primary_key=True)
name = models.CharField(max_length=30)

def __unicode__(self):
return u'%s' % (self.name)

class UserProfile(models.Model):

user = models.ForeignKey(User, unique=True)
usertype = models.ForeignKey(UserType)
address01 = models.CharField(max_length=50, null=True)
address02 = models.CharField(max_length=50, null=True)
...
.


On Feb 18, 2:19 pm, rebus_  wrote:
> On 18 February 2010 13:29, ALJ  wrote:
>
>
>
> > Hi Alexey,
>
> > But how do you set a permission for a view? There's no underlying
> > model to which to add the custom meta permissions.
>
> > ALJ
>
> > On Feb 18, 12:48 pm, Alexey Kostyuk  wrote:
> >> On Thu, 2010-02-18 at 02:30 -0800, ALJ wrote:
> >> > First project and struggling a bit.
>
> >> > I have some views that I want to restrict access to, depending on user
> >> > type. How do I do that?
>
> >> > For example, I have a 'reports' view that I only want teachers to
> >> > see ... not students. I can't see how to create a custom permission
> >> > because there is no underlying model for the view. So do I need to
> >> > create a custom user model or would it be better to just use
> >> > profiles?
>
> >> > :-(
>
> >> You can use decorator @permission_required in your views.
> >> See link[1] for details.
>
> >> [1]http://docs.djangoproject.com/en/dev/topics/auth/#the-permission-requ...
>
> >> --
> >> Alexey Kostyuk 
>
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "Django users" group.
> > To post to this group, send email to django-us...@googlegroups.com.
> > To unsubscribe from this group, send email to 
> > django-users+unsubscr...@googlegroups.com.
> > For more options, visit this group 
> > athttp://groups.google.com/group/django-users?hl=en.
>
> same page...
>
> http://docs.djangoproject.com/en/dev/topics/auth/#id2

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permissions to see a view

[rebus_]

On 18 February 2010 13:29, ALJ  wrote:
> Hi Alexey,
>
> But how do you set a permission for a view? There's no underlying
> model to which to add the custom meta permissions.
>
> ALJ
>
> On Feb 18, 12:48 pm, Alexey Kostyuk  wrote:
>> On Thu, 2010-02-18 at 02:30 -0800, ALJ wrote:
>> > First project and struggling a bit.
>>
>> > I have some views that I want to restrict access to, depending on user
>> > type. How do I do that?
>>
>> > For example, I have a 'reports' view that I only want teachers to
>> > see ... not students. I can't see how to create a custom permission
>> > because there is no underlying model for the view. So do I need to
>> > create a custom user model or would it be better to just use
>> > profiles?
>>
>> > :-(
>>
>> You can use decorator @permission_required in your views.
>> See link[1] for details.
>>
>> [1]http://docs.djangoproject.com/en/dev/topics/auth/#the-permission-requ...
>>
>> --
>> Alexey Kostyuk 
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.
>
>

same page...

http://docs.djangoproject.com/en/dev/topics/auth/#id2

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permissions to see a view

[ALJ]

Hi Alexey,

But how do you set a permission for a view? There's no underlying
model to which to add the custom meta permissions.

ALJ

On Feb 18, 12:48 pm, Alexey Kostyuk  wrote:
> On Thu, 2010-02-18 at 02:30 -0800, ALJ wrote:
> > First project and struggling a bit.
>
> > I have some views that I want to restrict access to, depending on user
> > type. How do I do that?
>
> > For example, I have a 'reports' view that I only want teachers to
> > see ... not students. I can't see how to create a custom permission
> > because there is no underlying model for the view. So do I need to
> > create a custom user model or would it be better to just use
> > profiles?
>
> > :-(
>
> You can use decorator @permission_required in your views.
> See link[1] for details.
>
> [1]http://docs.djangoproject.com/en/dev/topics/auth/#the-permission-requ...
>
> --
> Alexey Kostyuk 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permissions to see a view

[Alexey Kostyuk]

On Thu, 2010-02-18 at 02:30 -0800, ALJ wrote:
> First project and struggling a bit.
> 
> I have some views that I want to restrict access to, depending on user
> type. How do I do that?
> 
> For example, I have a 'reports' view that I only want teachers to
> see ... not students. I can't see how to create a custom permission
> because there is no underlying model for the view. So do I need to
> create a custom user model or would it be better to just use
> profiles?
> 
> :-(
> 
You can use decorator @permission_required in your views.
See link[1] for details.

[1]http://docs.djangoproject.com/en/dev/topics/auth/#the-permission-required-decorator

-- 
Alexey Kostyuk 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

User permissions to see a view

[ALJ]

First project and struggling a bit.

I have some views that I want to restrict access to, depending on user
type. How do I do that?

For example, I have a 'reports' view that I only want teachers to
see ... not students. I can't see how to create a custom permission
because there is no underlying model for the view. So do I need to
create a custom user model or would it be better to just use
profiles?

:-(

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

user permissions of request in template

[mendes.rich...@gmail.com]

Hello Django Users,

I'm currently working on a part of the admin portal for a django
application.
This specific part of the admin page should only be available to one
guy and the superusers.

in order to do this i thought to add a special permission in the
permission model which i can add to individual users if needed.
i approached it this way because i thought i could access all the
permissions in a template when i render the request object with the
template by doing

return render_to_response("template",RequestContext(request,{}),)

i thought this gave me the opportunity to access all the user related
information like username etc, but i can't seem to find out how to
specifically look for one permission.
So my questions are, is it possible to look for one specific
permission in the request object and if so how do i access / look for
it.

The main problem i have here is that i can't figure out how to deal
with the manytomany permission relation from the user request object.

If this can't be done, do you have some advice of another way to
approach this problem ( besides writing some code in the main.py from
the admin/views directory ).

Any help is greatly appreciated.

best regards,

Richard Mendes


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: Row-specific user permissions

[nkulmati]

Thank you Alex, this is an excellent article.

On Jul 18, 5:55 pm, Alex Gaynor  wrote:
> On Sat, Jul 18, 2009 at 4:23 PM, nkulmati wrote:
>
> > Hi Django users,
>
> > It's been a while since I used Django, so I need an update on the
> > following question.
>
> > Has anyone found a generic solution to django-admin's huge flaw -
> > specifically, not being able to limit view/edit/delete activities
> > based on object-specific (not model-specific) characteristics and user
> > permissions?
> > (For example. limiting what *instances* a user can see/edit/delete to
> > only those he has created.)
>
> > Or do I still have to reinvent the whole admin application just to
> > incorporate the feature?
> > (Which, by the way, is a must for any collaborative online
> > publication.)
>
> > Thanks to all who have thought about the same problem.
>
> Take a look at this:http://www.b-list.org/weblog/2008/dec/24/admin/
>
> Alex
>
> --
> "I disapprove of what you say, but I will defend to the death your
> right to say it." -- Voltaire
> "The people's good is the highest law." -- Cicero
> "Code can always be simpler than you think, but never as simple as you
> want" -- Me
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: Row-specific user permissions

[Alex Gaynor]

On Sat, Jul 18, 2009 at 4:23 PM, nkulmati wrote:
>
> Hi Django users,
>
> It's been a while since I used Django, so I need an update on the
> following question.
>
> Has anyone found a generic solution to django-admin's huge flaw -
> specifically, not being able to limit view/edit/delete activities
> based on object-specific (not model-specific) characteristics and user
> permissions?
> (For example. limiting what *instances* a user can see/edit/delete to
> only those he has created.)
>
> Or do I still have to reinvent the whole admin application just to
> incorporate the feature?
> (Which, by the way, is a must for any collaborative online
> publication.)
>
> Thanks to all who have thought about the same problem.
> >
>

Take a look at this: http://www.b-list.org/weblog/2008/dec/24/admin/

Alex

-- 
"I disapprove of what you say, but I will defend to the death your
right to say it." -- Voltaire
"The people's good is the highest law." -- Cicero
"Code can always be simpler than you think, but never as simple as you
want" -- Me

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Row-specific user permissions

[nkulmati]

Hi Django users,

It's been a while since I used Django, so I need an update on the
following question.

Has anyone found a generic solution to django-admin's huge flaw -
specifically, not being able to limit view/edit/delete activities
based on object-specific (not model-specific) characteristics and user
permissions?
(For example. limiting what *instances* a user can see/edit/delete to
only those he has created.)

Or do I still have to reinvent the whole admin application just to
incorporate the feature?
(Which, by the way, is a must for any collaborative online
publication.)

Thanks to all who have thought about the same problem.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: "available user permissions" list incomplete

[Malcolm Tredinnick]

On Sun, 2008-11-23 at 22:22 -0800, sajal wrote:
> thanks a lot.. that fixed it.
> 
> Even after making the mess that i made, a syncdb solved the issue
> keeping all my other data intact.
> 
> I however have a related question.
> 
> While modifying the existing classes, i.e. adding fields, i do the
> "ALTER TABLE" by hand as suggested by 
> http://www.djangobook.com/en/1.0/chapter05/
> 
> Am I gonna run into trouble for this with auth or something else?

No, that will be fine. Altering the table via SQL is not a problem. It's
at initial creation time that the extra stuff (registering with the
content type app and the auth system) is done.

Regards,
Malcolm



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: "available user permissions" list incomplete

[sajal]

thanks a lot.. that fixed it.

Even after making the mess that i made, a syncdb solved the issue
keeping all my other data intact.

I however have a related question.

While modifying the existing classes, i.e. adding fields, i do the
"ALTER TABLE" by hand as suggested by 
http://www.djangobook.com/en/1.0/chapter05/

Am I gonna run into trouble for this with auth or something else?

On Nov 24, 12:58 pm, Malcolm Tredinnick <[EMAIL PROTECTED]>
wrote:
> On Sun, 2008-11-23 at 21:47 -0800, sajal wrote:
> > Apologies for the lack of details, didnt really know what details to
> > provide.
>
> > Here is what I did.
>
> Good step-by-step accounting of what you did. Makes it easy to spot
> where the problem is.
>
> > 2 users (one superadmin and one regular user)
> > make a new "app" and add few models to it.
> > Assign permission for the new models class to the staff user via the
> > django admin interface.
> > modify the existing models - and accordingly run "ALTER TABLE"
> > commands in pgsql
> > Add 2 new classes , paste the create table queries generated by sqlall
> >  into pgsql
>
> This is the problem step: creating *new* tables by hand.
>
> The admin permissions are stored in a table called auth_permission. They
> are filled in after "syncdb" is run. So when you create a new model, you
> should generally try to create the table by running "manage.py syncdb",
> rather than just the cutting-and-pasting trick. Syncdb will create
> tables for any models that don't exist. What it doesn't do is alter
> existing tables (which is why you have to do ALTER TABLE commands when
> you adjust a model after initially creating it).
>
> At the completion of a syncdb command, any new models have their
> permissions inserted into the auth_permission table. Since you skipped
> that step (syncdb), the table isn't correctly populated. You'll also
> have a few other problems, such as the django_content_type table not
> being populated for that model.
>
> My suggestion would be to drop the table you created from scratch by
> hand and manually run syncdb to have it inserted correctly. If that
> isn't possible, you'll have to work out how to populate the content_type
> and then auth_permission tables by hand, which will be possible, but
> would be fairly fiddly. So, try really hard to drop the manually created
> tables (e.g. dump their existing data to a file, drop the table, syncdb,
> reload the data).
>
> Regards,
> Malcolm
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: "available user permissions" list incomplete

[Malcolm Tredinnick]

On Sun, 2008-11-23 at 21:47 -0800, sajal wrote:
> Apologies for the lack of details, didnt really know what details to
> provide.
> 
> Here is what I did.

Good step-by-step accounting of what you did. Makes it easy to spot
where the problem is.

> 2 users (one superadmin and one regular user)
> make a new "app" and add few models to it.
> Assign permission for the new models class to the staff user via the
> django admin interface.
> modify the existing models - and accordingly run "ALTER TABLE"
> commands in pgsql
> Add 2 new classes , paste the create table queries generated by sqlall
>  into pgsql

This is the problem step: creating *new* tables by hand.

The admin permissions are stored in a table called auth_permission. They
are filled in after "syncdb" is run. So when you create a new model, you
should generally try to create the table by running "manage.py syncdb",
rather than just the cutting-and-pasting trick. Syncdb will create
tables for any models that don't exist. What it doesn't do is alter
existing tables (which is why you have to do ALTER TABLE commands when
you adjust a model after initially creating it).

At the completion of a syncdb command, any new models have their
permissions inserted into the auth_permission table. Since you skipped
that step (syncdb), the table isn't correctly populated. You'll also
have a few other problems, such as the django_content_type table not
being populated for that model.

My suggestion would be to drop the table you created from scratch by
hand and manually run syncdb to have it inserted correctly. If that
isn't possible, you'll have to work out how to populate the content_type
and then auth_permission tables by hand, which will be possible, but
would be fairly fiddly. So, try really hard to drop the manually created
tables (e.g. dump their existing data to a file, drop the table, syncdb,
reload the data).

Regards,
Malcolm



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: "available user permissions" list incomplete

[sajal]

Apologies for the lack of details, didnt really know what details to
provide.

Here is what I did.

2 users (one superadmin and one regular user)
make a new "app" and add few models to it.
Assign permission for the new models class to the staff user via the
django admin interface.
modify the existing models - and accordingly run "ALTER TABLE"
commands in pgsql
Add 2 new classes , paste the create table queries generated by sqlall
 into pgsql
Now, superuser has access to all the new classes which work fine,
however the "Available user permissions" in the "Change User" form
doesnt show the new classes. Neither does the "Add group" page.

If there is some specific command whose output would show something
useful for debugging do let me know.

I am a noob at Django and am under the impression that this "somebody
with a crystal ball" exists and can help me out :)

On Nov 24, 12:08 pm, Malcolm Tredinnick <[EMAIL PROTECTED]>
wrote:
> On Sun, 2008-11-23 at 20:47 -0800, sajal wrote:
> > +1
>
> > Having exactly the same issue. Last night i was busy adding classes
> > and stuff, after uploading to the dev server, im unable to add
> > permissions to a "staff" user since the new class isint in the list.
>
> > me (superuser) can see it allright. For now ill make the "staff" a
> > superuser until i can find a fix.
>
> > Python : 2.5.2
> > >>> django.VERSION
> > (1, 0, 'final')
>
> > using postgresql for the database.
>
> Which makes it a perfect score: neither person having this problem is
> able to supply a small example that reliably demonstrates the problem
> and helps somebody else to repeat the issue. :-(
>
> Maybe you'll get lucky and somebody with a crystal ball will come along
> and use their ESP to debug your issue. Just because it hasn't ever
> happened before, doesn't mean you two won't be the first.
>
> Malcolm
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: "available user permissions" list incomplete

[Malcolm Tredinnick]

On Sun, 2008-11-23 at 20:47 -0800, sajal wrote:
> +1
> 
> Having exactly the same issue. Last night i was busy adding classes
> and stuff, after uploading to the dev server, im unable to add
> permissions to a "staff" user since the new class isint in the list.
> 
> me (superuser) can see it allright. For now ill make the "staff" a
> superuser until i can find a fix.
> 
> Python : 2.5.2
> >>> django.VERSION
> (1, 0, 'final')
> 
> using postgresql for the database.

Which makes it a perfect score: neither person having this problem is
able to supply a small example that reliably demonstrates the problem
and helps somebody else to repeat the issue. :-(

Maybe you'll get lucky and somebody with a crystal ball will come along
and use their ESP to debug your issue. Just because it hasn't ever
happened before, doesn't mean you two won't be the first.

Malcolm



--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: "available user permissions" list incomplete

[sajal]

+1

Having exactly the same issue. Last night i was busy adding classes
and stuff, after uploading to the dev server, im unable to add
permissions to a "staff" user since the new class isint in the list.

me (superuser) can see it allright. For now ill make the "staff" a
superuser until i can find a fix.

Python : 2.5.2
>>> django.VERSION
(1, 0, 'final')

using postgresql for the database.

On Nov 15, 2:43 am, Alex Chun <[EMAIL PROTECTED]> wrote:
> I need to give permission to an admin user to add/edit a class, but
> that class does not appear on the "available user permissions" list.
>
> The class is listed automatically for superusers, so it appears to be
> registered correctly with the admin.  But I can't make that class
> available to regular admin users.
>
> Any help???
>
> (I am running Django 1.0.  The class is missing on both the
> development side and the production side.)
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

"available user permissions" list incomplete

[Alex Chun]

I need to give permission to an admin user to add/edit a class, but
that class does not appear on the "available user permissions" list.

The class is listed automatically for superusers, so it appears to be
registered correctly with the admin.  But I can't make that class
available to regular admin users.

Any help???

(I am running Django 1.0.  The class is missing on both the
development side and the production side.)




--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Setting user permissions per object

[finn]

According to the documentation, Django does not at this point support
per-object permission setting. You can set a users' permissions for a
model class, but not for individual instances of that model.

Are there any code examples concerning how one might work around this?
A practical example could be a forum site where you want a specific
forum to be viewable only for a limited group of users, not for all
logged-in users.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: Changing the returned query set in the admin interface 'add' section depending on user permissions.

[chewynougat]

Thanks John,

A combination of overriding django's built in functions and some
jiggery pokery has got me most of the way there. I shall continue.

On Aug 19, 2:23 pm, John M <[EMAIL PROTECTED]> wrote:
> I suspect you'll have to intercept one of the many signals django has
> in it's architecture.  Sorry, not sure where to point you other than
> that.
>
> John
>
> On Aug 19, 4:19 am, chewynougat <[EMAIL PROTECTED]>
> wrote:
>
> > Hi,
>
> > I have an admin add form that allows users to insert documents. I have
> > a select box which currently displays all company departments and
> > their relevant categories (e.g. finance and admin -> payroll, finance
> > and admin -> expenses etc). What I would like to do is display the
> > relevant departments and categories only to which the current user
> > belongs. I am totally stumped on how to go about this so any help is
> > much appreciated. Currently I am overriding get_form and get_fieldset
> > to display all departments and categories if the user has all
> > permissions. If the user doesn't have these permissions, the select
> > box is removed and the department to which the current user belongs is
> > used - but this limits the choice to the top level (i.e. finance) and
> > not the categories of the department.
>
> > Thanks in advance.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: Changing the returned query set in the admin interface 'add' section depending on user permissions.

[John M]

I suspect you'll have to intercept one of the many signals django has
in it's architecture.  Sorry, not sure where to point you other than
that.

John

On Aug 19, 4:19 am, chewynougat <[EMAIL PROTECTED]>
wrote:
> Hi,
>
> I have an admin add form that allows users to insert documents. I have
> a select box which currently displays all company departments and
> their relevant categories (e.g. finance and admin -> payroll, finance
> and admin -> expenses etc). What I would like to do is display the
> relevant departments and categories only to which the current user
> belongs. I am totally stumped on how to go about this so any help is
> much appreciated. Currently I am overriding get_form and get_fieldset
> to display all departments and categories if the user has all
> permissions. If the user doesn't have these permissions, the select
> box is removed and the department to which the current user belongs is
> used - but this limits the choice to the top level (i.e. finance) and
> not the categories of the department.
>
> Thanks in advance.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Changing the returned query set in the admin interface 'add' section depending on user permissions.

[chewynougat]

Hi,

I have an admin add form that allows users to insert documents. I have
a select box which currently displays all company departments and
their relevant categories (e.g. finance and admin -> payroll, finance
and admin -> expenses etc). What I would like to do is display the
relevant departments and categories only to which the current user
belongs. I am totally stumped on how to go about this so any help is
much appreciated. Currently I am overriding get_form and get_fieldset
to display all departments and categories if the user has all
permissions. If the user doesn't have these permissions, the select
box is removed and the department to which the current user belongs is
used - but this limits the choice to the top level (i.e. finance) and
not the categories of the department.

Thanks in advance.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: User permissions

[Erwin Elling]

> Probably, but I always include that in the time scale just in case.
> You know how tricky it is to estimate software development.

I understand; nevertheless your estimates are highly appreciated.
Hopefully Jacob is right about it being closer to now... :)
Untill that time, I guess I'll just start playing with the newforms-
admin branch!

Thanks for clearing things up.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: User permissions

[James Bennett]

On Feb 6, 2008 4:38 PM, Jacob Kaplan-Moss <[EMAIL PROTECTED]> wrote:
> ... though given the choices, I'd be inclined to wager that it's
> closer to "now" than to "the heat death of the universe"...

Probably, but I always include that in the time scale just in case.
You know how tricky it is to estimate software development.


-- 
"Bureaucrat Conrad, you are technically correct -- the best kind of correct."

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: User permissions

[Jacob Kaplan-Moss]

On 2/6/08, James Bennett <[EMAIL PROTECTED]> wrote:
> Some amount of time between "now" and "the heat death of the
> universe". There is no estimate, no timeline, no schedule, no ETA, no
> guess, nor any other synonym of any of those words.

... though given the choices, I'd be inclined to wager that it's
closer to "now" than to "the heat death of the universe"...

Jacob

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: User permissions

[James Bennett]

On Feb 6, 2008 11:57 AM, Erwin <[EMAIL PROTECTED]> wrote:
> That sounds quite interesting, but I'm not totally sure what you are
> referring to. Do you mean the hooks the newforms admin branch provides
> or maybe the possibilities of the row-level permissions branch?

newforms-admin.

row-level-permissions is, as far as I can tell, made obsolete by
newforms-admin -- adding a complex syntax for object-level permissions
is moot when you have the stuff newforms-admin provides.

> How long does will it take is from now to the not-too-distant future?

Some amount of time between "now" and "the heat death of the
universe". There is no estimate, no timeline, no schedule, no ETA, no
guess, nor any other synonym of any of those words.


-- 
"Bureaucrat Conrad, you are technically correct -- the best kind of correct."

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: User permissions

[Erwin]

> In the admin it's basically not possible right now, but will become
> very easy in the not-too-distant future.

That sounds quite interesting, but I'm not totally sure what you are
referring to. Do you mean the hooks the newforms admin branch provides
or maybe the possibilities of the row-level permissions branch?

(The progress of the latter is quite unclear to me, besides some
remarks on this group about postponing it, untill after newforms admin
branch is finished.
http://groups.google.com/group/django-users/browse_thread/thread/630713d903dec1d2/ac8761d863ac9adb#ac8761d863ac9adb)

How long does will it take is from now to the not-too-distant future?
Hopefully you really have some good news for me :)
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: User permissions

[James Bennett]

On Jan 31, 2008 5:06 PM, Chris <[EMAIL PROTECTED]> wrote:
> I've been reading up on user permissions and I have found that user
> permissions are on a per-model basis. My question: If I have a photo
> gallery application, and I have several uses who can post their
> galleries to this application. Is there a way to create permission on
> a per-user basis. Example maybe I created a gallery called 'The
> Rockies' but I only want Bob, Susan, and Tim to see it, Is this
> possible with the built in permissions? or would I have to create a
> table column similar to is_public = models.booleanField().

If all you're worrying about is the public display and/or non-admin
forms, it's fairly simple to do the necessary check in your own code
based on data stored in the model object. Depending on the exact
nature of the check, you might even be able to write a decorator to
handle it for you.

In the admin it's basically not possible right now, but will become
very easy in the not-too-distant future.


-- 
"Bureaucrat Conrad, you are technically correct -- the best kind of correct."

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: User permissions

[Alex Koshelev]

No, just now django doesn't support row level permissions.
Look at this branch http://code.djangoproject.com/wiki/RowLevelPermissions

On 1 фев, 02:06, Chris <[EMAIL PROTECTED]> wrote:
> I've been reading up on user permissions and I have found that user
> permissions are on a per-model basis. My question: If I have a photo
> gallery application, and I have several uses who can post their
> galleries to this application. Is there a way to create permission on
> a per-user basis. Example maybe I created a gallery called 'The
> Rockies' but I only want Bob, Susan, and Tim to see it, Is this
> possible with the built in permissions? or would I have to create a
> table column similar to is_public = models.booleanField().
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: User permissions

[Michael Elsdörfer]

 > gallery application, and I have several uses who can post their
 > galleries to this application. Is there a way to create permission on
 >  a per-user basis.

There apparently was some work on a per-object permissions branch in the 
past, but it looks pretty dead:

http://code.djangoproject.com/wiki/RowLevelPermissions

Michael

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

User permissions

[Chris]

I've been reading up on user permissions and I have found that user
permissions are on a per-model basis. My question: If I have a photo
gallery application, and I have several uses who can post their
galleries to this application. Is there a way to create permission on
a per-user basis. Example maybe I created a gallery called 'The
Rockies' but I only want Bob, Susan, and Tim to see it, Is this
possible with the built in permissions? or would I have to create a
table column similar to is_public = models.booleanField().
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Re: widget looks like user permissions management?

[supafly]

Sorry, all this regulated by filter_interface=models.HORIZONTAL in
model definition.
e.g.: field = models.ManyToManyField(Link,
filter_interface=models.HORIZONTAL)


On 26 дек, 11:11, supafly <[EMAIL PROTECTED]> wrote:
> Is there simple way to render many-to-many/one-to-many relationship
> such as permissions box in django admin interface?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

widget looks like user permissions management?

[supafly]

Is there simple way to render many-to-many/one-to-many relationship
such as permissions box in django admin interface?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

How do you set user permissions in test data?

[Todd O'Bryan]

I've been using fixtures to create test data, but how do I set user
permissions that aren't brittle? If I use

./manage.py dumpdata

it dumps the user_permissions as a list of ids of permissions the user
has. The problem is, as I add more apps/permissions to my project, those
ids are likely to change and my test data will end up invalid.

Is there some way to specify a permission by name in a fixture or some
easier way to do this that I'm missing?

Todd


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---