How can I write my own permissions in django












6














I want to write my own permissions in Django, I mean I want to define exactly what a user can or cannot do, I have read this enter link description here
but it seems change_task_status is sth predefined in Django. for example, I want to define exactly users can have access to just get method of a view and just from row 1 to 8 of the database table, and sth like this. How can I do this?



Edit:



First of all, I did this with default permissions that are in auth_permission table in Django, for each model it creates permissions of add/view/change/delete in this table and I know that I can use it for my purpose. but I have two problems, first I don't want to use the default permission class od Django.contrib,auth model thus I want to create my own permission table (instead of auth_permissions I have mapp_permissions) it makes a problem for me now this new table is not filled with default permissions so I need to define permissions myself I mean I have to say what add_modelname means and also after I do this I need to define some new permissions that say for example for one model:user_x have permission view_modelname, users also have this permission but from data of this model which stored in database user_y just can see records of 1 to 8 of db table not all



Edit 2:



as you can see in permissions class comment it says:"it's
not currently possible to say "Mary may only change news stories that have a
certain status or publication date.""
how can I make it possible?
also, there should be a code inside Django files that define for the machine for example add_user which is in the table means what






python django django-rest-framework







share|improve this question
























  • What do you mean and just from row 1 to 8 of the database table? That example above shows you a template for writing a permission. You define permissions on the models, and then check if that user has the necessary permission using the function? You can apply the permissions to users (the rows 1 - 8, I assume) via the dashboard or via a migration.
    – Rodney Hawkins
    21 hours ago










  • please check my edit
    – Annabelle
    20 hours ago










  • @Annabelle not sure why you wouldn't want to use the Django auth permissions table but if you do want to use a custom permissions table, you can no longer use the usual permissions defined in the model META class because those ones are added to the auth permissions table during migration. You would have to roll out a custom solution. As for your second requirement of row 1-8, it's also a strange one and does not fall into the type of permissions offered by the current permissions framework, but since you will be rolling out a new logic anyway, you can also implement that on your own
    – Ken4scholars
    20 hours ago






  • 1




    @Annabelle What I mean is that is that you can write a DRF permissions class which checks that the user has the permission to change objects of a particular status. The check could be on whether the user is admin or normal user. But then again if you need it to be fine-grained, you can create a separate class for the permissions and define as many as is needed. In essence, what I mean is that you can have them work side by side with the original permissions framework and not replace it
    – Ken4scholars
    19 hours ago






  • 1




    @Annabelle you should import all your models in the __init__.py file of the package. Check this out stackoverflow.com/questions/5534206/…
    – Ken4scholars
    19 hours ago
















6














I want to write my own permissions in Django, I mean I want to define exactly what a user can or cannot do, I have read this enter link description here
but it seems change_task_status is sth predefined in Django. for example, I want to define exactly users can have access to just get method of a view and just from row 1 to 8 of the database table, and sth like this. How can I do this?



Edit:



First of all, I did this with default permissions that are in auth_permission table in Django, for each model it creates permissions of add/view/change/delete in this table and I know that I can use it for my purpose. but I have two problems, first I don't want to use the default permission class od Django.contrib,auth model thus I want to create my own permission table (instead of auth_permissions I have mapp_permissions) it makes a problem for me now this new table is not filled with default permissions so I need to define permissions myself I mean I have to say what add_modelname means and also after I do this I need to define some new permissions that say for example for one model:user_x have permission view_modelname, users also have this permission but from data of this model which stored in database user_y just can see records of 1 to 8 of db table not all



Edit 2:



as you can see in permissions class comment it says:"it's
not currently possible to say "Mary may only change news stories that have a
certain status or publication date.""
how can I make it possible?
also, there should be a code inside Django files that define for the machine for example add_user which is in the table means what






python django django-rest-framework







share|improve this question
























  • What do you mean and just from row 1 to 8 of the database table? That example above shows you a template for writing a permission. You define permissions on the models, and then check if that user has the necessary permission using the function? You can apply the permissions to users (the rows 1 - 8, I assume) via the dashboard or via a migration.
    – Rodney Hawkins
    21 hours ago










  • please check my edit
    – Annabelle
    20 hours ago










  • @Annabelle not sure why you wouldn't want to use the Django auth permissions table but if you do want to use a custom permissions table, you can no longer use the usual permissions defined in the model META class because those ones are added to the auth permissions table during migration. You would have to roll out a custom solution. As for your second requirement of row 1-8, it's also a strange one and does not fall into the type of permissions offered by the current permissions framework, but since you will be rolling out a new logic anyway, you can also implement that on your own
    – Ken4scholars
    20 hours ago






  • 1




    @Annabelle What I mean is that is that you can write a DRF permissions class which checks that the user has the permission to change objects of a particular status. The check could be on whether the user is admin or normal user. But then again if you need it to be fine-grained, you can create a separate class for the permissions and define as many as is needed. In essence, what I mean is that you can have them work side by side with the original permissions framework and not replace it
    – Ken4scholars
    19 hours ago






  • 1




    @Annabelle you should import all your models in the __init__.py file of the package. Check this out stackoverflow.com/questions/5534206/…
    – Ken4scholars
    19 hours ago














6












6








6







I want to write my own permissions in Django, I mean I want to define exactly what a user can or cannot do, I have read this enter link description here
but it seems change_task_status is sth predefined in Django. for example, I want to define exactly users can have access to just get method of a view and just from row 1 to 8 of the database table, and sth like this. How can I do this?



Edit:



First of all, I did this with default permissions that are in auth_permission table in Django, for each model it creates permissions of add/view/change/delete in this table and I know that I can use it for my purpose. but I have two problems, first I don't want to use the default permission class od Django.contrib,auth model thus I want to create my own permission table (instead of auth_permissions I have mapp_permissions) it makes a problem for me now this new table is not filled with default permissions so I need to define permissions myself I mean I have to say what add_modelname means and also after I do this I need to define some new permissions that say for example for one model:user_x have permission view_modelname, users also have this permission but from data of this model which stored in database user_y just can see records of 1 to 8 of db table not all



Edit 2:



as you can see in permissions class comment it says:"it's
not currently possible to say "Mary may only change news stories that have a
certain status or publication date.""
how can I make it possible?
also, there should be a code inside Django files that define for the machine for example add_user which is in the table means what






python django django-rest-framework







share|improve this question















I want to write my own permissions in Django, I mean I want to define exactly what a user can or cannot do, I have read this enter link description here
but it seems change_task_status is sth predefined in Django. for example, I want to define exactly users can have access to just get method of a view and just from row 1 to 8 of the database table, and sth like this. How can I do this?



Edit:



First of all, I did this with default permissions that are in auth_permission table in Django, for each model it creates permissions of add/view/change/delete in this table and I know that I can use it for my purpose. but I have two problems, first I don't want to use the default permission class od Django.contrib,auth model thus I want to create my own permission table (instead of auth_permissions I have mapp_permissions) it makes a problem for me now this new table is not filled with default permissions so I need to define permissions myself I mean I have to say what add_modelname means and also after I do this I need to define some new permissions that say for example for one model:user_x have permission view_modelname, users also have this permission but from data of this model which stored in database user_y just can see records of 1 to 8 of db table not all



Edit 2:



as you can see in permissions class comment it says:"it's
not currently possible to say "Mary may only change news stories that have a
certain status or publication date.""
how can I make it possible?
also, there should be a code inside Django files that define for the machine for example add_user which is in the table means what






python django django-rest-framework




python django django-rest-framework






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 20 hours ago

























asked 21 hours ago









Annabelle

1147




1147












  • What do you mean and just from row 1 to 8 of the database table? That example above shows you a template for writing a permission. You define permissions on the models, and then check if that user has the necessary permission using the function? You can apply the permissions to users (the rows 1 - 8, I assume) via the dashboard or via a migration.
    – Rodney Hawkins
    21 hours ago










  • please check my edit
    – Annabelle
    20 hours ago










  • @Annabelle not sure why you wouldn't want to use the Django auth permissions table but if you do want to use a custom permissions table, you can no longer use the usual permissions defined in the model META class because those ones are added to the auth permissions table during migration. You would have to roll out a custom solution. As for your second requirement of row 1-8, it's also a strange one and does not fall into the type of permissions offered by the current permissions framework, but since you will be rolling out a new logic anyway, you can also implement that on your own
    – Ken4scholars
    20 hours ago






  • 1




    @Annabelle What I mean is that is that you can write a DRF permissions class which checks that the user has the permission to change objects of a particular status. The check could be on whether the user is admin or normal user. But then again if you need it to be fine-grained, you can create a separate class for the permissions and define as many as is needed. In essence, what I mean is that you can have them work side by side with the original permissions framework and not replace it
    – Ken4scholars
    19 hours ago






  • 1




    @Annabelle you should import all your models in the __init__.py file of the package. Check this out stackoverflow.com/questions/5534206/…
    – Ken4scholars
    19 hours ago


















  • What do you mean and just from row 1 to 8 of the database table? That example above shows you a template for writing a permission. You define permissions on the models, and then check if that user has the necessary permission using the function? You can apply the permissions to users (the rows 1 - 8, I assume) via the dashboard or via a migration.
    – Rodney Hawkins
    21 hours ago










  • please check my edit
    – Annabelle
    20 hours ago










  • @Annabelle not sure why you wouldn't want to use the Django auth permissions table but if you do want to use a custom permissions table, you can no longer use the usual permissions defined in the model META class because those ones are added to the auth permissions table during migration. You would have to roll out a custom solution. As for your second requirement of row 1-8, it's also a strange one and does not fall into the type of permissions offered by the current permissions framework, but since you will be rolling out a new logic anyway, you can also implement that on your own
    – Ken4scholars
    20 hours ago






  • 1




    @Annabelle What I mean is that is that you can write a DRF permissions class which checks that the user has the permission to change objects of a particular status. The check could be on whether the user is admin or normal user. But then again if you need it to be fine-grained, you can create a separate class for the permissions and define as many as is needed. In essence, what I mean is that you can have them work side by side with the original permissions framework and not replace it
    – Ken4scholars
    19 hours ago






  • 1




    @Annabelle you should import all your models in the __init__.py file of the package. Check this out stackoverflow.com/questions/5534206/…
    – Ken4scholars
    19 hours ago
















What do you mean and just from row 1 to 8 of the database table? That example above shows you a template for writing a permission. You define permissions on the models, and then check if that user has the necessary permission using the function? You can apply the permissions to users (the rows 1 - 8, I assume) via the dashboard or via a migration.
– Rodney Hawkins
21 hours ago




What do you mean and just from row 1 to 8 of the database table? That example above shows you a template for writing a permission. You define permissions on the models, and then check if that user has the necessary permission using the function? You can apply the permissions to users (the rows 1 - 8, I assume) via the dashboard or via a migration.
– Rodney Hawkins
21 hours ago












please check my edit
– Annabelle
20 hours ago




please check my edit
– Annabelle
20 hours ago












@Annabelle not sure why you wouldn't want to use the Django auth permissions table but if you do want to use a custom permissions table, you can no longer use the usual permissions defined in the model META class because those ones are added to the auth permissions table during migration. You would have to roll out a custom solution. As for your second requirement of row 1-8, it's also a strange one and does not fall into the type of permissions offered by the current permissions framework, but since you will be rolling out a new logic anyway, you can also implement that on your own
– Ken4scholars
20 hours ago




@Annabelle not sure why you wouldn't want to use the Django auth permissions table but if you do want to use a custom permissions table, you can no longer use the usual permissions defined in the model META class because those ones are added to the auth permissions table during migration. You would have to roll out a custom solution. As for your second requirement of row 1-8, it's also a strange one and does not fall into the type of permissions offered by the current permissions framework, but since you will be rolling out a new logic anyway, you can also implement that on your own
– Ken4scholars
20 hours ago




1




1




@Annabelle What I mean is that is that you can write a DRF permissions class which checks that the user has the permission to change objects of a particular status. The check could be on whether the user is admin or normal user. But then again if you need it to be fine-grained, you can create a separate class for the permissions and define as many as is needed. In essence, what I mean is that you can have them work side by side with the original permissions framework and not replace it
– Ken4scholars
19 hours ago




@Annabelle What I mean is that is that you can write a DRF permissions class which checks that the user has the permission to change objects of a particular status. The check could be on whether the user is admin or normal user. But then again if you need it to be fine-grained, you can create a separate class for the permissions and define as many as is needed. In essence, what I mean is that you can have them work side by side with the original permissions framework and not replace it
– Ken4scholars
19 hours ago




1




1




@Annabelle you should import all your models in the __init__.py file of the package. Check this out stackoverflow.com/questions/5534206/…
– Ken4scholars
19 hours ago




@Annabelle you should import all your models in the __init__.py file of the package. Check this out stackoverflow.com/questions/5534206/…
– Ken4scholars
19 hours ago












1 Answer
1






active

oldest

votes


















2














According to Edit 2 , I see that you have some business logic related to permissions check , have a look at django-rules , I think it's what you're looking for.






share|improve this answer





















  • Thank you, now I have a little problem can you help me with it first?"another problem I have is this that for purpose of my project I used a model folder instead of model.py file, now permission class cannot auto-generate add/change/delete/update of my models, how can I define where to look for my model?"
    – Annabelle
    19 hours ago






  • 1




    Did you import the models inside the init.py in the models forlder ? docs.djangoproject.com/en/2.1/topics/db/models/…
    – Haidar Zeineddine
    19 hours ago













Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53942754%2fhow-can-i-write-my-own-permissions-in-django%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









2














According to Edit 2 , I see that you have some business logic related to permissions check , have a look at django-rules , I think it's what you're looking for.






share|improve this answer





















  • Thank you, now I have a little problem can you help me with it first?"another problem I have is this that for purpose of my project I used a model folder instead of model.py file, now permission class cannot auto-generate add/change/delete/update of my models, how can I define where to look for my model?"
    – Annabelle
    19 hours ago






  • 1




    Did you import the models inside the init.py in the models forlder ? docs.djangoproject.com/en/2.1/topics/db/models/…
    – Haidar Zeineddine
    19 hours ago


















2














According to Edit 2 , I see that you have some business logic related to permissions check , have a look at django-rules , I think it's what you're looking for.






share|improve this answer





















  • Thank you, now I have a little problem can you help me with it first?"another problem I have is this that for purpose of my project I used a model folder instead of model.py file, now permission class cannot auto-generate add/change/delete/update of my models, how can I define where to look for my model?"
    – Annabelle
    19 hours ago






  • 1




    Did you import the models inside the init.py in the models forlder ? docs.djangoproject.com/en/2.1/topics/db/models/…
    – Haidar Zeineddine
    19 hours ago
















2












2








2






According to Edit 2 , I see that you have some business logic related to permissions check , have a look at django-rules , I think it's what you're looking for.






share|improve this answer












According to Edit 2 , I see that you have some business logic related to permissions check , have a look at django-rules , I think it's what you're looking for.







share|improve this answer












share|improve this answer



share|improve this answer










answered 19 hours ago









Haidar Zeineddine

7325




7325












  • Thank you, now I have a little problem can you help me with it first?"another problem I have is this that for purpose of my project I used a model folder instead of model.py file, now permission class cannot auto-generate add/change/delete/update of my models, how can I define where to look for my model?"
    – Annabelle
    19 hours ago






  • 1




    Did you import the models inside the init.py in the models forlder ? docs.djangoproject.com/en/2.1/topics/db/models/…
    – Haidar Zeineddine
    19 hours ago




















  • Thank you, now I have a little problem can you help me with it first?"another problem I have is this that for purpose of my project I used a model folder instead of model.py file, now permission class cannot auto-generate add/change/delete/update of my models, how can I define where to look for my model?"
    – Annabelle
    19 hours ago






  • 1




    Did you import the models inside the init.py in the models forlder ? docs.djangoproject.com/en/2.1/topics/db/models/…
    – Haidar Zeineddine
    19 hours ago


















Thank you, now I have a little problem can you help me with it first?"another problem I have is this that for purpose of my project I used a model folder instead of model.py file, now permission class cannot auto-generate add/change/delete/update of my models, how can I define where to look for my model?"
– Annabelle
19 hours ago




Thank you, now I have a little problem can you help me with it first?"another problem I have is this that for purpose of my project I used a model folder instead of model.py file, now permission class cannot auto-generate add/change/delete/update of my models, how can I define where to look for my model?"
– Annabelle
19 hours ago




1




1




Did you import the models inside the init.py in the models forlder ? docs.djangoproject.com/en/2.1/topics/db/models/…
– Haidar Zeineddine
19 hours ago






Did you import the models inside the init.py in the models forlder ? docs.djangoproject.com/en/2.1/topics/db/models/…
– Haidar Zeineddine
19 hours ago




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53942754%2fhow-can-i-write-my-own-permissions-in-django%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Monofisismo

Image
Monofisismo (do grego: monos - "único, singular" e physis - "natureza") é o ponto de vista cristológico que defende que, depois da união do divino e do humano na encarnação histórica, Jesus Cristo, como encarnação do Filho ou Verbo ( Logos ) de Deus, teria apenas uma única "natureza", a divina, e não uma síntese de ambas. O monofisismo é contraposto pelo diofisismo (ou "diafisismo"), que defende que Jesus preservou em si as duas naturezas. Historicamente, o monofisismo se refere primordialmente à posição dos que (especialmente no Egito e, em menor grau, na Síria) rejeitaram as decisões do Concílio de Calcedônia em 451 (o quarto concílio ecumênico). Os membros mais moderados entre eles, porém, defendem a teologia "miafisita", que se tornou a oficial para as Igrejas Ortodoxas Orientais. Muitos ortodoxos orientais, porém, rejeitam essa classificação, mesmo como um termo genérico, mas ele é amplamente utilizado na literatura históri...
Read more

Angular Downloading a file using contenturl with Basic Authentication

Image
0 I have a contentUrl when user clicks on that,file should be downloaded. If I try to browse the contentUrl in the browser it asks for Userid and password.I believe this is Basic Authentication.I dont want user to enter UserId and Password so I am passing it Authorization(Please see below code). Url looks some thing like this: http://XXX.XXX.XX.XXX:8080/flowable-rest/service/runtime/tasks/90875/attachments/90555/content let username : string = 'admin'; let pwd : string = 'test'; let headers = new Headers(); headers.set('Accept', 'text/json'); headers.append('Content-Type', 'application/json'); headers.set('Access-Control-Allow-Origin', '*'); headers.set('Access-Control-Allow-Methods','POST, GET, OPTIONS, PUT, DELETE'); head...
Read more

Olmecas

Image
Monumento 1, uma das quatro cabeças colossais encontradas em La Venta, com altura aproximada de 3 metros Olmecas é a designação do povo e da civilização que estiveram na origem da antiga cultura pré-colombiana da Mesoamérica e que se desenvolveram nas regiões tropicais do centro-sul do atual México durante o pré-clássico, próximo de onde hoje estão localizados os estados mexicanos de Veracruz e Tabasco, no Istmo de Tehuantepec, numa zona designada área nuclear olmeca. A cultura olmeca floresceu nesta região aproximadamente entre 1500 e 400 a.C., [ 1 ] e crê-se que tenha sido a civilização-mãe de todas as civilizações mesoamericanas que se desenvolveram posteriormente. [ 2 ] No entanto, desconhece-se a sua exacta filiação étnica, ainda que existam numerosas hipóteses colocadas para tentar resolver esta questão. O etnónimo olmeca foi cunhado pelos arqueólogos do século XX, e não devem confundir-se com os muito posteriores olmecas-xicalancas que ocuparam vários locais do México...
Read more