Reputation: 143
Django permissions
I would love to have more granular permission in my Django project, but can't decide what app to use. What I have is something like:
class Item(models.Model):
name = models.CharField(max_length=64, unique=True)
description = models.CharField(max_length=128, default='')
logo = ImageField(upload_to=/tmp, blank=True, null=True)
Now with Django standard permissions I have the possibility to choose between add, change and delete, what I want to have is an extended change permission, to offer the ability to give group rights only to change the logo for example, but disallow that same group to modify the item description. I don't want or need a user to entry relation, but simply give the possibility to different groups to edit single fields of a model using the standard admin interface. I'm even not sure if I am talking about per-object permission?
Does anyone know what's best to use or how I would implement it myself? I could also imagine to have read-only users who can access/read everything but won't be able to modify, this isn't possible neither.
Thanks for any help.
Upvotes: 7
Views: 4852
Answers (3)
Reputation: 1525
If you want to handle this sort of thing beyond your admin site, take a look at django-logical-rules, where you can write your rules in python and access them from views or within a template;
Upvotes: 0
Reputation: 9213
The most flexible but way would be to:
- write some custom permissions (i.e.
can_modify_descr) - write yur own Forms or ModelForms
- write Views to render your specified forms.
- finally you'd have to override some django admin templates and render your Forms in templates that extend some standard django admin templates.
As far as I can see this is the only way to achieve what you want, but also requires a lot of work.
Upvotes: 7
Reputation: 12590
One simple way to achieve that is to create many ModelAdmin for the same model (one for each "group"). To do that you need to create one Proxy Models for each "group" like this:
models.py
class Item(models.Model):
name = models.CharField(max_length=64, unique=True)
description = models.CharField(max_length=128, default='')
logo = ImageField(upload_to=/tmp, blank=True, null=True)
class ItemGroup1(Item):
class Meta:
proxy = True
admin.py
class ItemAdmin(models.ModelAdmin):
...
class ItemGroup1Admin(models.ModelAdmin):
readonly_fields = ('logo', 'description')
And then you just need to set the permissions of group 1 to only have access to ItemGroup1, etc.
See this post for more info: Using Proxy Models to Customize the Django Admin
Upvotes: 1
Related Questions
- django permissions not being respected
- Model and Permissions
- Confusion with the Django permission system
- Understanding django permissions
- Permissions on my Model for Django
- django permission to other owners
- Django. Permissions to model instance?
- object-level permissions django
- Django sites framework permissions
- Django - permissions and profiles