Re: how to display group and create user permission in templates?

[ABDUL HAFEEZ]

much appreciated


On Tuesday, February 20, 2024 at 7:55:47 AM UTC+5 Ryan Nowakowski wrote:

> On Mon, Feb 19, 2024 at 02:16:29AM -0800, ABDUL HAFEEZ wrote:
> > Hell all how to display *createsuperuser *and there permission in 
> *templates 
> > *instead of admin dashboard 
>
> Users and permissions are just normal Django models[1]. You can create
> your own view and add those objects to the template context then render
> the template just like you would for any other Django view.
>
>
> [1] 
> https://github.com/django/django/blob/a684d73fc9ad94bbc535385d8b1d7c05ea06702f/django/contrib/auth/models.py
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/80a349f5-832d-43bc-8496-920621ece825n%40googlegroups.com.

how to display group and create user permission in templates?

[ABDUL HAFEEZ]

Hell all how to display *createsuperuser *and there permission in *templates 
*instead of admin dashboard 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/f37cffcd-b425-466b-b247-39bac00a1809n%40googlegroups.com.

Django user permission edit in custom dashboard

[Santosh Rana Magar]

Hello Everyone,  

How to achieve django admin site( below picture) user permission field in 
custom dashboard 

[image: h0H8Q.png]

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/9995f14c-82b3-4712-83f3-c99a69298d60%40googlegroups.com.

Re: Set user permission via python

[Nelson Varela]

Correction:

u, created = User.objects.get_or_create(username="user_name", defaults={'
email': 'user...@example.com', 'password': 'blah'})


-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/0c6782d4-ee22-4f90-a299-a6010e5626ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Set user permission via python

[Nelson Varela]

Glad you've found the solution. 
One thing I wanted to advice you is to use the get_or_create method on User.
For more detail check the django documentation.
So:
u, created = User.objects.get_or_create(username="user_name", defaults={
email='user...@example.com', password='blah'})

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/f426be95-6606-4ab8-851a-8b3e6d87c434%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Set user permission via python

[Matt Collins]

I've solved this. First of all, the codename for the permission should be 
called as a codename and second, I had to remove the app name 
(display_data) like this:

permission = Permission.objects.get(codename='settings')


On Tuesday, April 9, 2019 at 9:25:09 PM UTC-6, Matt Collins wrote:
>
> Hi,
>
> I'm trying to set a permission for a user that I'm creating with a python 
> script. I've tested and found that the codename for the permission is 
> "display_data.settings" using the following:
>
> python manage.py shell
> from django.contrib.auth.models import User
> user_name = User.objects.get(username="user_name")
> user_name.get_all_permissions()
> set([u'display_data.settings']) 
>
>
> I'm trying to set this permission for the user with the following:
>
> from django.contrib.auth import get_user_model
> from django.contrib.auth.models import User, Permission
>
> User = get_user_model()
>
> #check to see if user exists, create it if it doesn't
> User.objects.filter(username="user_name").exists() or\
> User.objects.create_user(username='user_name', email='
> usern...@example.com', password='blah')
>  
>
> #add permissions to user
> u = User.objects.get(username="user_name")
> permission = Permission.objects.get(name='display_data.settings')
> u.user_permissions.add(permission)
>
>  
> When I run this, I get the following error:
>
>
> django.contrib.auth.models.DoesNotExist: Permission matching query does 
> not exist.
>
>
> Can anybody tell me what I'm missing? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/e092d493-6dc5-4374-ad9e-e664e6b9d0b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Set user permission via python

[matt]

Hi,

I'm trying to set a permission for a user that I'm creating with a python 
script. I've tested and found that the codename for the permission is 
"display_data.settings" using the following:

python manage.py shell
from django.contrib.auth.models import User
user_name = User.objects.get(username="user_name")
user_name.get_all_permissions()
set([u'display_data.settings']) 


I'm trying to set this permission for the user with the following:

from django.contrib.auth import get_user_model
from django.contrib.auth.models import User, Permission

User = get_user_model()

#check to see if user exists, create it if it doesn't
User.objects.filter(username="user_name").exists() or\
User.objects.create_user(username='user_name', 
email='usern...@example.com', password='blah')
 

#add permissions to user
u = User.objects.get(username="user_name")
permission = Permission.objects.get(name='display_data.settings')
u.user_permissions.add(permission)

 
When I run this, I get the following error:


django.contrib.auth.models.DoesNotExist: Permission matching query does not 
exist.


Can anybody tell me what I'm missing? 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/c039cb7b-fd33-4b41-9e2a-b94e3f2d628f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Remove user permission

[Saurabh Agrawal]

"user.user_permissions.remove" expects a permission object. Or the pk of
that object. Hence, the TypeError.

On Mon, Dec 3, 2018 at 9:02 PM Gaurav Tomer 
wrote:

> I was trying to remove permission of a user using remove utility as below -
>
> user = User.objects.get(id=user_id)
> user.user_permissions.remove("delete_polls")
>
> Then it raises TypeError:invalid literal for int with base 10:
> 'delete_polls'
>
>
> Do I need to pass index here?
>
> As it sounds kind of static way to do so. Is there anything I am missing
> here?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CAAb%3DBQodEv2hZyi5aRka5oD_eQwCnkBxcpQz5cJpnHEc33o5DQ%40mail.gmail.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAL1UH0tmmGD7DfvSStABPQkce7_fJV31OGOCHLMKRNbrW2kcgw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Remove user permission

[Gaurav Tomer]

I was trying to remove permission of a user using remove utility as below -

user = User.objects.get(id=user_id)
user.user_permissions.remove("delete_polls")

Then it raises TypeError:invalid literal for int with base 10:
'delete_polls'


Do I need to pass index here?

As it sounds kind of static way to do so. Is there anything I am missing
here?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAAb%3DBQodEv2hZyi5aRka5oD_eQwCnkBxcpQz5cJpnHEc33o5DQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: ManyToMany widget in admin - the "user - permission way.."

[Matemática A3K]

>
> I have this error:
>
> Unhandled exception in thread started by  check_errors..wrapper at 0x7f2fa8d646a8>
>
> Traceback (most recent call last):
>
>   File "/usr/local/lib/python3.5/dist-packages/django/utils/autoreload.py",
> line 228, in wrapper
>
> fn(*args, **kwargs)
>
>   File "/usr/local/lib/python3.5/dist-packages/django/core/
> management/commands/runserver.py", line 125, in inner_run
>
> self.check(display_num_errors=True)
>
>   File 
> "/usr/local/lib/python3.5/dist-packages/django/core/management/base.py",
> line 405, in check
>
> raise SystemCheckError(msg)
>
> django.core.management.base.SystemCheckError: *SystemCheckError: System
> check identified some issues:*
>
>
> ERRORS:
>
> *: (admin.E001) The
> value of 'raw_id_fields' must be a list or tuple.*
>
> this is my admin.py
>

Because for making a tuple of one element you need a trailing comma,
otherwise it is just a string, see below:


>
> from django.contrib import admin
>
> from bootcamp.groups_manager.models import Group, Member, GroupType,
> GroupEntity, GroupMember, GroupMemberRole
> from guardian.admin import GuardedModelAdmin
>
> # With object permissions support
> class GroupAdmin(GuardedModelAdmin):
> #fields = ('group_members', 'django_group')
> raw_id_fields = ('group_members', )
> #search_fields = ('group_members', 'django_group')
> pass
>
> #admin.site.register(models.Group)
> admin.site.register(Group, GroupAdmin)
> admin.site.register(Member)
> admin.site.register(GroupType)
> admin.site.register(GroupEntity)
> admin.site.register(GroupMember)
> admin.site.register(GroupMemberRole)
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/951cd1bc-5888-4d4f-b92b-fc855cb963a2%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2BFDnhJAae_MaO6j2RaA1%2B3Ka%3DqdYP_DFcH4F3iUYiVARchimA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: ManyToMany widget in admin - the "user - permission way.."

[Allan Nava]

Il giorno venerdì 27 febbraio 2009 15:14:13 UTC+1, Daniel Roseman ha 
scritto:
>
> On Feb 27, 1:21 pm, Anders  wrote: 
> > Hi. 
> > 
> > In the users admin of Django admin there is a nice way of selecting 
> > permissions for each user by adding and removing permissions from a 
> > list of available permissions. () 
> > 
> > I have models set up similar to the ones used for users and 
> > permissions, but I am not able to get the nice "select from list on 
> > left side and add to right side"-widget. I only get a normal multi- 
> > select box. 
> > 
> > My models could look like this: 
> > 
> > class Interest(models.Model): 
> > name= models.CharField(max_length=255) 
> > 
> > class Person(models.Model): 
> > name= models.CharField(max_length=255) 
> > . 
> > interests = models.ManyToManyField(Interest) 
> > 
> > How can I get the fancy manytomany-widget in the Person admin? 
> > 
> > thanks 
> > 
> > Anders 
>
> Specify a 'filter-horizontal' tuple in the admin model declaration: 
> http://docs.djangoproject.com/en/dev/ref/contrib/admin/#filter-horizontal 
> -- 
> DR.



I have this error:

Unhandled exception in thread started by .wrapper at 0x7f2fa8d646a8>

Traceback (most recent call last):

  File "/usr/local/lib/python3.5/dist-packages/django/utils/autoreload.py", 
line 228, in wrapper

fn(*args, **kwargs)

  File 
"/usr/local/lib/python3.5/dist-packages/django/core/management/commands/runserver.py",
 
line 125, in inner_run

self.check(display_num_errors=True)

  File 
"/usr/local/lib/python3.5/dist-packages/django/core/management/base.py", 
line 405, in check

raise SystemCheckError(msg)

django.core.management.base.SystemCheckError: *SystemCheckError: System 
check identified some issues:*


ERRORS:

*: (admin.E001) The value 
of 'raw_id_fields' must be a list or tuple.*

this is my admin.py

from django.contrib import admin

from bootcamp.groups_manager.models import Group, Member, GroupType, 
GroupEntity, GroupMember, GroupMemberRole
from guardian.admin import GuardedModelAdmin

# With object permissions support
class GroupAdmin(GuardedModelAdmin):
#fields = ('group_members', 'django_group')
raw_id_fields = ('group_members')
#search_fields = ('group_members', 'django_group')
pass

#admin.site.register(models.Group)
admin.site.register(Group, GroupAdmin)
admin.site.register(Member)
admin.site.register(GroupType)
admin.site.register(GroupEntity)
admin.site.register(GroupMember)
admin.site.register(GroupMemberRole) 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/951cd1bc-5888-4d4f-b92b-fc855cb963a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Checking user permission denied in Django Selenium tests

[Cherie Pun]

 

On the local server that I start up, if the user does not have the required 
permission for a particular view, they will be redirected to the 403 page 
(I am using the permission_required decorator)

However, in the selenium test, the PermissionDenied exception is thrown and 
the user is redirected to the internal server error page (500) instead.

Does the server not work the same way when in selenium testing environment? 
Should I catch that exception in order to check permission is denied 
instead of checking for the 403 page? Cheers!
 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/dccd8e33-8f30-4aef-a030-644112efaf13%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Add chosen user Permission in User table from Avaliable user Permissions by writing code

[Nikhil Verma]

Hi All

I am in User Table from django auth and in the admin i am in change_forms
page .
I can clearly see that there is ManyToMany relationship field called
user_permission.
In user_permission filed we have choosen user permssion in which we choosen
permission gets saved.

However i want to set it from code  example everytime the user gets
selected i want some permissions(which is already persent in Available
permission box) get saved to choosen permission box from code.How can i do
this ?

-- 
Regards
Nikhil Verma
+91-958-273-3156

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permission

[Andre Terra]

What I do:

1) Control user rights in views, always, no matter what.
2) Pass user perms to template so that you only display accessible,
permitted links.


Cheers,
AT

On Wed, Mar 7, 2012 at 2:10 PM, Xavier Pegenaute wrote:

> Hi,
>
> Which one is the best option?
>
> a- Control the user rights in the views
> b- Control the user rights in the templates
> c- Control the user rights in both locations
>
> I guess is (c), but it's too much work.
>
> Thanks,
> Regards.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to django-users+unsubscribe@**
> googlegroups.com .
> For more options, visit this group at http://groups.google.com/**
> group/django-users?hl=en
> .
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

User permission

[Xavier Pegenaute]

Hi,

Which one is the best option?

a- Control the user rights in the views
b- Control the user rights in the templates
c- Control the user rights in both locations

I guess is (c), but it's too much work.

Thanks,
Regards.

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: restrict downloading files based on user-permission

[patrickk]

here´s a snippet which shows an implementation:
http://djangosnippets.org/snippets/1710/

however, the only cross-browser solution I´ve come across is the one I
´ve posted above.

regards,
patrick

On 22 Nov., 16:40, David De La Harpe Golden
 wrote:
> Looked into this a bit (will undoubtedly bite us soon):
>
> On 22/11/10 13:54, Torsten Bronger wrote:
>
> > Is there a standard at all for how non-ASCII in the header field
> > "Content-Disposition" is supposed to be encoded?
>
> The rfc5987 [1] based filename*=UTF-8''bl%c3%a4h mechanism very recently
> exists, otherwise iso-8859-1/ascii, pretty much...  See the rfc author's
> test page [2]
>
> Talking chromium implementing it days ago sort of very recent, mind [3]
>
> While some present-day clients apparently do try to interpret the
> filename=... into utf-8 in one manner or another (I suppose you could
> get into UA detection if you have the patience/need), I think servers
> (including django apps) can maybe start to send both a fallback standard
> filename= in no more than iso-8859-1 and the now-standard filename*= in
> utf-8 as seen in [4], though there are some compat issues with that too [5]
>
> [1]http://tools.ietf.org/html/rfc5987
>
> [2]http://greenbytes.de/tech/tc2231/#encoding-2231-char
>
> [3]http://code.google.com/p/chromium/issues/detail?id=57830
>
> [4]http://greenbytes.de/tech/tc2231/#encoding-2231-fb
>
> [5]https://bugzilla.mozilla.org/show_bug.cgi?id=588781

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: restrict downloading files based on user-permission

[David De La Harpe Golden]

Looked into this a bit (will undoubtedly bite us soon):

On 22/11/10 13:54, Torsten Bronger wrote:
> Is there a standard at all for how non-ASCII in the header field
> "Content-Disposition" is supposed to be encoded?

The rfc5987 [1] based filename*=UTF-8''bl%c3%a4h mechanism very recently
exists, otherwise iso-8859-1/ascii, pretty much...  See the rfc author's
test page [2]

Talking chromium implementing it days ago sort of very recent, mind [3]

While some present-day clients apparently do try to interpret the
filename=... into utf-8 in one manner or another (I suppose you could
get into UA detection if you have the patience/need), I think servers
(including django apps) can maybe start to send both a fallback standard
filename= in no more than iso-8859-1 and the now-standard filename*= in
utf-8 as seen in [4], though there are some compat issues with that too [5]

[1] http://tools.ietf.org/html/rfc5987

[2] http://greenbytes.de/tech/tc2231/#encoding-2231-char

[3] http://code.google.com/p/chromium/issues/detail?id=57830

[4] http://greenbytes.de/tech/tc2231/#encoding-2231-fb

[5] https://bugzilla.mozilla.org/show_bug.cgi?id=588781

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: restrict downloading files based on user-permission

[Torsten Bronger]

Hallöchen!

patrickk writes:

> well ... yes, but if someond uploads "äöü.PDF" I want the user to
> download "äöü.PDF" again ... and not
> %C3%83%C2%A4%C3%83%C2%B6%C3%83%C2%BC.PDF.
>
> did you test your code with IE7/IE8? I just did and the name of
> the downloaded file differs from the upload.

Chrom and Firefox download äöü.pdf if the HTTP header field was
UTF-8-encoded (instead of URL-escaped).  However, I hesitate to say
that IE is doing the wrong thing beacuse the UTF-8 encoding is never
mentioned in the header field, so Chrome and FF just guess right.

Or does Django encode unicode strings in HTTP header fields somehow?
I haven't sniffed the HTTP communication so far.

Is there a standard at all for how non-ASCII in the header field
"Content-Disposition" is supposed to be encoded?

Tschö,
Torsten.

-- 
Torsten Bronger, aquisgrana, europa vetus
   Jabber ID: torsten.bron...@jabber.rwth-aachen.de
  or http://bronger-jmp.appspot.com

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: restrict downloading files based on user-permission

[Łukasz Rekucki]

I'm guessing that your original problem was that HTTP headers can only
contain ASCII characters. To have a UTF-8 encoded name, you should use
percent-encoding. I'm using this code on production site:

quoted_name = urllib.quote(file.name.encode('utf-8'))
response['Content-Disposition'] = 'attachment; filename=%s' % quoted_name

and it works perfectly with any unicode name.

> On 21 Nov., 16:31, patrickk  wrote:
>> I need to serve media-files uploaded by users, but only the user who
>> uploaded a file should be able to download that file again. therefore,
>> I need to check whether the currently logged-in user is the creator of
>> that file (ok, that´s easy with using a view).
>>
>> – of course, serving the media-file via django is not an option.
>> – downloading the file (changing the response-header) is not an option
>> either since we need to use utf-8 filenames (same goes for xsendfile).
>>
>> any ideas on how to achieve this? btw, we´re using mod_wsgi.
>>
>> thanks,
>> patrick
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-users?hl=en.
>
>



-- 
Łukasz Rekucki

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: restrict downloading files based on user-permission

[patrickk]

well ... yes, but if someond uploads "äöü.PDF" I want the user to
download "äöü.PDF" again ... and not
%C3%83%C2%A4%C3%83%C2%B6%C3%83%C2%BC.PDF.

did you test your code with IE7/IE8? I just did and the name of the
downloaded file differs from the upload.

regards,
patrick

On 21 Nov., 20:39, Łukasz Rekucki  wrote:
> I'm guessing that your original problem was that HTTP headers can only
> contain ASCII characters. To have a UTF-8 encoded name, you should use
> percent-encoding. I'm using this code on production site:
>
> quoted_name = urllib.quote(file.name.encode('utf-8'))
> response['Content-Disposition'] = 'attachment; filename=%s' % quoted_name
>
> and it works perfectly with any unicode name.
>
>
>
> > On 21 Nov., 16:31, patrickk  wrote:
> >> I need to serve media-files uploaded by users, but only the user who
> >> uploaded a file should be able to download that file again. therefore,
> >> I need to check whether the currently logged-in user is the creator of
> >> that file (ok, that´s easy with using a view).
>
> >> - of course, serving the media-file via django is not an option.
> >> - downloading the file (changing the response-header) is not an option
> >> either since we need to use utf-8 filenames (same goes for xsendfile).
>
> >> any ideas on how to achieve this? btw, we´re using mod_wsgi.
>
> >> thanks,
> >> patrick
>
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "Django users" group.
> > To post to this group, send email to django-us...@googlegroups.com.
> > To unsubscribe from this group, send email to 
> > django-users+unsubscr...@googlegroups.com.
> > For more options, visit this group 
> > athttp://groups.google.com/group/django-users?hl=en.
>
> --
> Łukasz Rekucki

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

restrict downloading files based on user-permission

[patrickk]

I need to serve media-files uploaded by users, but only the user who
uploaded a file should be able to download that file again. therefore,
I need to check whether the currently logged-in user is the creator of
that file (ok, that´s easy with using a view).

– of course, serving the media-file via django is not an option.
– downloading the file (changing the response-header) is not an option
either since we need to use utf-8 filenames (same goes for xsendfile).

any ideas on how to achieve this? btw, we´re using mod_wsgi.

thanks,
patrick

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: restrict downloading files based on user-permission

[patrickk]

just for the records ...

it seems to work when filename is not defined with
response["Content-Disposition"] = "attachment; filename=äöü &%%%.pdf"
instead just use
response["Content-Disposition"] = "attachment"
and add the filename to the URL, e.g.
/user/downloads/15/äöü &.pdf
where
15 is the object-id and the filename has to be urlencoded.

within a template, it looks like this:
{% url attachment_download object.id %}{{ object.attachment.name|
urlencode }}

the view just checks if the attachment with id 15 has been uploaded by
the logged-in user and returns the attachment:

def attachment_download(request, object_id):
import mimetypes
obj = get_object_or_404(UserAttachment, user=request.user,
pk=object_id)
mimetype, encoding = mimetypes.guess_type(fullpath)
mimetype = mimetype or 'application/octet-stream'
response = HttpResponse(obj.attachment.read(), mimetype=mimetype)
response['Content-Length'] = obj.attachment.size
response["Content-Disposition"] = "attachment"
if encoding:
response["Content-Encoding"] = encoding
return response

tested with firefox, safari, chrome, IE7, IE8, opera ... guess it
works.

regards,
patrick


On 21 Nov., 16:31, patrickk  wrote:
> I need to serve media-files uploaded by users, but only the user who
> uploaded a file should be able to download that file again. therefore,
> I need to check whether the currently logged-in user is the creator of
> that file (ok, that´s easy with using a view).
>
> – of course, serving the media-file via django is not an option.
> – downloading the file (changing the response-header) is not an option
> either since we need to use utf-8 filenames (same goes for xsendfile).
>
> any ideas on how to achieve this? btw, we´re using mod_wsgi.
>
> thanks,
> patrick

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permission confusing

[adrian]

> BTW: There are many links in the administration page, that I do not
> know where to map. Such as "View on website" (http://127.0.0.1:8000/
> admin/r/3/2/) in an user profile

of course including:
http://docs.djangoproject.com/en/1.2/ref/models/instances/#get-absolute-url

and
http://docs.djangoproject.com/en/1.2/ref/contrib/sites/#how-django-uses-the-sites-framework

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: User permission confusing

[adrian]

> BTW: There are many links in the administration page, that I do not
> know where to map. Such as "View on website" (http://127.0.0.1:8000/
> admin/r/3/2/) in an user profile

please read:
http://docs.djangoproject.com/en/1.2/ref/models/instances/#the-permalink-decorator

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

User permission confusing

[stanleyxu2005]

Hi All,

I activated the admin module of django and I am now confused with the
user permission.

I logged in as administrator. I created an account "restricted_admin",
activated "Staff status" and assigned "add/edit/delete user"
permissions to him.

Unexpectedly, he can create/edit/delete a superuser. Can I restrict
such kind of "restricted_admin" not be able to touch the user profile
on a higher privileged level? For instance, not to privilege himself
to a superuser, or edit the profile of a superuser.

BTW: There are many links in the administration page, that I do not
know where to map. Such as "View on website" (http://127.0.0.1:8000/
admin/r/3/2/) in an user profile

Best regards

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Re: ManyToMany widget in admin - the "user - permission way.."

[Daniel Roseman]

On Feb 27, 1:21 pm, Anders  wrote:
> Hi.
>
> In the users admin of Django admin there is a nice way of selecting
> permissions for each user by adding and removing permissions from a
> list of available permissions. ()
>
> I have models set up similar to the ones used for users and
> permissions, but I am not able to get the nice "select from list on
> left side and add to right side"-widget. I only get a normal multi-
> select box.
>
> My models could look like this:
>
> class Interest(models.Model):
>     name= models.CharField(max_length=255)
>
> class Person(models.Model):
>     name= models.CharField(max_length=255)
>     .
>     interests = models.ManyToManyField(Interest)
>
> How can I get the fancy manytomany-widget in the Person admin?
>
> thanks
>
> Anders

Specify a 'filter-horizontal' tuple in the admin model declaration:
http://docs.djangoproject.com/en/dev/ref/contrib/admin/#filter-horizontal
--
DR.
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

ManyToMany widget in admin - the "user - permission way.."

[Anders]

Hi.

In the users admin of Django admin there is a nice way of selecting
permissions for each user by adding and removing permissions from a
list of available permissions. ()

I have models set up similar to the ones used for users and
permissions, but I am not able to get the nice "select from list on
left side and add to right side"-widget. I only get a normal multi-
select box.

My models could look like this:

class Interest(models.Model):
name= models.CharField(max_length=255)

class Person(models.Model):
name= models.CharField(max_length=255)
.
interests = models.ManyToManyField(Interest)

How can I get the fancy manytomany-widget in the Person admin?

thanks

Anders

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

Adding various user permission to Forms having no models

[Harish]

hi friends.

I am doing a project using djangoI created certain forms using
view...
now i want to add user permission to access those forms how i can
do this?

Regards
Harish Bhat


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~--~~~~--~~--~--~---

User permission setting problem

[Qiangning Hong]

I setup a polls app following the tutorial and want to do more.  I see
there are users and groups settings in the admin index page, and so I
want add a staff user to manage the polls.

However, after I create the user, I found the available permissions list
has nothing to do with polls management -- they are about create/delete
users, groups, flat pages, etc.  How can I setup a staff user to
create/delete/change polls?

-- 
Qiangning Hong
http://www.hn.org/hongqn (RSS: http://feeds.feedburner.com/hongqn)

Registered Linux User #396996
Get Firefox! 
Thunderbird!