user9628701

Django User Permissions

I have a Django app in which only superuser or staff members can create an object. Here's how I did it,

model,

from django.db import models

class Data(models.Model):
    content = models.TextField()

view,

from django.http import Http404

def data_create(request):
    if not request.user.is_staff or not request.user.is_superuser:
        raise Http404
    else:
        # Create the Data object . . .
        pass  # placeholder for the creation logic

After doing so I created 2 users: the first one is a superuser (admin) and the second one is a normal user (test). After that, I logged in as the superuser (admin) into the Django admin panel and changed the second user's (test) permission to staff and also gave him permission to create the data object.

But the problem is that it's still returning an Http404 error whenever I try to create a data object as the second user (test). Why is this happening?

Also: when I changed the second user's (test) permission to superuser instead of staff, everything worked fine; it was able to create the data object (no longer a 404 error). But I want to keep it staff and be able to create the data.

Upvotes: 1

Views: 1346

Answers (1)

JPG

Reputation: 88439

I think the problem is with your if condition, so change it as below:

from django.http import Http404

def data_create(request):
    if request.user.is_staff or request.user.is_superuser:
        # Create the Data Object
        pass  # placeholder for the creation logic
    else:
        raise Http404


Why the behaviour?

In [11]: not False or not True
Out[11]: True

Hope the above statement describes the nature.

Upvotes: 1
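
The access rule discussed in this thread, worked through for every flag combination. This is an added example, not code from the question or the answer: it runs without Django, `Denied` stands in for `Http404`, and `buggy_denies`, `fixed_denies`, `access_matrix` and `staff_or_superuser_required` are hypothetical names. Requests and users are constructed stub objects.

```python
from itertools import product
from types import SimpleNamespace


class Denied(Exception):
    """Stand-in for Django's Http404 so the example runs without Django."""


def buggy_denies(user):
    # Condition from the question: true unless BOTH flags are set.
    return not user.is_staff or not user.is_superuser


def fixed_denies(user):
    # De Morgan negation of "is_staff or is_superuser".
    return not user.is_staff and not user.is_superuser


def access_matrix(denies):
    """Map every (is_staff, is_superuser) combination to allowed / denied."""
    matrix = {}
    for is_staff, is_superuser in product((False, True), repeat=2):
        user = SimpleNamespace(is_staff=is_staff, is_superuser=is_superuser)
        matrix[(is_staff, is_superuser)] = not denies(user)
    return matrix


def staff_or_superuser_required(view):
    """Deny by default: run the view only when an allowed flag is set."""
    def wrapper(request, *args, **kwargs):
        user = getattr(request, "user", None)
        if user is not None and (user.is_staff or user.is_superuser):
            return view(request, *args, **kwargs)
        raise Denied
    return wrapper


@staff_or_superuser_required
def data_create(request):
    return "created"  # placeholder for creating the Data object


if __name__ == "__main__":
    buggy, fixed = access_matrix(buggy_denies), access_matrix(fixed_denies)
    for combo in buggy:
        print(combo, "buggy:", buggy[combo], "fixed:", fixed[combo])
```

Writing the check as a positive "allow" condition with denial as the fallthrough, as the decorator does, avoids negating a compound expression by hand, and asserting on the full matrix in a unit test catches this class of mistake before deployment.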
