427 questions
1
vote
1
answer
52
views
Custom Permission Mixin Django Rest Framework
I am trying to create a custom mixim that handles additional permission checks in my views.
This is what I have tried:
class ProfilePermissionsRequiredMixin:
required_permissions = []
def ...
0
votes
1
answer
27
views
Object permissions for multiply objects in DRF
I can't prescribe permissions. I have Accounts, Sites and Informations models:
Accounts
class Accounts(models.Model):
user = models.ForeignKey(to=User, on_delete=models.SET_NULL, null=True, ...
0
votes
1
answer
28
views
Django User not inheriting Group permissions
I have a TestCase that i'm testing permissions on. I don't understand how this test is failing where it's failing:
# Make sure group has permission
group_permissions = self.my_group....
1
vote
1
answer
62
views
Django Model Permissions. Why is this hard?
Django creates permissions for every model you make, such as:
can_view_{model_name}
can_add_{model_name}
can_edit_{model_name}
Out of the box, these are only applicable to Django Admin. Ok well if I ...
1
vote
1
answer
51
views
My custom permission isn't blocking put requests for editing objects
I have this permission class
class AuthorOrReadOnly(BasePermission):
def has_object_permission(self, request, view, obj):
if request.method in SAFE_METHODS:
return True
...
1
vote
1
answer
108
views
How to restore deleted permissions on a model in a django project
I want to create a new group and add permissions to the group called "mod". The permission I want to give to this group is Can add, Can Change, Can Delete, and Can View. After I added all ...
0
votes
1
answer
43
views
Allow Admin user to see only the user the admin creates in Django
I am trying to create a school management system, where by a school can register and becomes an admin, the school which is an admin, can create their staffs and students. The staff and students should ...
1
vote
0
answers
172
views
Django REST Framework Viewset Executes Actions Multiple Times and Shows 'None' for GET Requests
I have a Django REST framework viewset with multiple actions such as list, create, and more. When I send a GET request, I noticed that some actions are executed multiple times, and the action is ...
0
votes
1
answer
61
views
Django Permission per Database Object
I have an architectural question regarding Djangos permission model.
I do have a Database Model which hold companies, and each company can have multiple projects.
Users should be able to only see ...
0
votes
0
answers
28
views
Some Models permission are missing from the permission list in django admin
Account models has lot of the models but only the user models permission are visible
These are some of the models of out lot of models in the file for which permission are not visible
class Child(...
0
votes
1
answer
34
views
Customizing Permissions and Groups models in Django
I want to modify the Permissions and Group models from django.contrib.auth. I have extended them but am unable to understand how to use these extended models in my project. I had researched about it ...
0
votes
1
answer
31
views
Permission denied for ..../<id>/ CRUD ModelViewSet endpoints
I am trying to create a ModelViewSet for supporting CRUD operations on my address model. I am able to successfully use LIST and CREATE endpoints, but all the other 4 endpoints which require/id/ in ...
0
votes
1
answer
59
views
How to update widget attribute based on user role in Django
I have this custom widget:
class RelatedFieldWidgetCanAdd(widgets.Select):
def __init__(self, related_model, related_url=None, can_add_related=True, *args, **kw):
self.can_add_related = ...
3
votes
2
answers
371
views
How to update 'Allow' headers in DRF to match an OPTIONS request's permissions?
I am using Django Rest Framework 3.14 with ModelViewsets and a settings-wide DjangoModelOrAnonReadOnly permission class.
Given this config, out of the box my JSON API seems to respond to OPTIONS ...
0
votes
1
answer
303
views
Best approach for implementing configurable permissions and roles in Django
I'm working on a Django application and I need to implement configurable permissions and roles. I want to be able to add new roles and associate multiple tasks with each role for specific modules in ...
0
votes
1
answer
28
views
Dependant permissions in django rest framework
I have a query -
Suppose I have a notebooks (Physics,Chemistry,Math,...) and I want to put note in these notebooks by implementing some permissions -
If I have permissions to view notebooks and I ...
0
votes
0
answers
358
views
drf custom authentication backend gets executed on the path that doesn't need authentication
I am new to django and I am trying to add permissions from DRF to my project. Ever since I have set DEFAULT_AUTHENTICATION_CLASSES for REST_FRAMEWORK in django settings.py, all the requests are going ...
0
votes
1
answer
22
views
How can I build multiple versions of admins with different permissions in django
For example in a Car Rental System where the car owner should have his admin interface to view, add and delete his cars and also view orders orders, pending payments, finished payments but he should ...
0
votes
1
answer
1k
views
Admin. Register model in other app administration
In admin panel I'm looking to having all user related models in one app administration, including Group and Permission models, which are by default included in Authentication and authorization app.
Is ...
-1
votes
1
answer
305
views
Django - How can I add a user to an auth_group?
I have and django application that I am trying to apply user group permissions. Here is how my members model is setup.
Class Member(AbstractUser)
Class Meta:
permissions = ((Perm1_codename,...
0
votes
0
answers
44
views
Check if django permission works via shell
User has only change_post permission. I want to check in practice via shell if it works. It hasn't add_post permision. Creating an instance of a Post class with an user attribut it doesn't raise an ...
0
votes
1
answer
72
views
How to restrict Django users from filling a form twice in different sessions
I have a form for employees to fill their bio data, I want to restrict the employees from viewing the form more than once.
That is after filling the form, you can’t view the empty form anymore, you ...
1
vote
0
answers
63
views
Django-guardian has_perm("codename", obj) is False even if group has the permission
I'm trying to implement django-guardian permissions in my project.
In the TestCase below, I assigned view_income permission to staff group. That means, also user_c has the permission.
The problem is ...
2
votes
1
answer
3k
views
Custom permission in django rest framework
I want to write a custom permission to restrict access to the display picture of a user. My user profile model is called Member and the implementation is as follows:
# imports
class Member(models....
0
votes
2
answers
259
views
How do I apply higher permissions to child pages in Wagtail?
I am building an intranet site for my organization with Wagtail and we are in the process of adding a knowledge base. The entire site needs to be restricted to logged-in users, but certain pages need ...
1
vote
1
answer
124
views
Django permissions are present but has_perm() returns False
I'm working on the permissions on a Django 4.1 application. All these permissions are given by groups. First permission first problem:
Permission codename: can_see_all_images
appname for the ...
0
votes
1
answer
704
views
How to write permissions in a viewset with conditional statements in DRF?
I have a viewset written in DRF:
class MyViewSet(ModelViewSet):
serializer_class = MySerializer
queryset = models.MyClass.objects.all()
def get_serializer_class(self):
permission =...
0
votes
4
answers
501
views
How to apply permissions on perform_create in ViewSet DRF
This is my View Set:
class MyViewSet(ModelViewSet):
serializer_class = MySerializer
queryset = MyClass.objects.all()
def get_serializer_class(self):
if self.request.user....
0
votes
0
answers
117
views
Django share common permission across django app
I would like to know if there is a better way to implement common permission that is very similar across django app. For example, app1 need permission_x, app2 need permission_x, and app3 need ...
0
votes
1
answer
721
views
Permissions to edit only one field in a Model. Django
I am developing an app which will have different types of users, and the objective is that in a specific Model, it is completed in a community way.
Example:
3 types of users: UserTotal, UserParcial, ...
0
votes
0
answers
814
views
Is it necessary add IsAuthenticated permissions to permission_classes in view that is inherited from LoginRequiredMixin
I have a class-based view called ProfileDetail. It is inherit LoginRequiredMixin from django.contrib.auth.mixins. And then set permission_classes = (IsAuthenticated,). Basically all client that view ...
2
votes
1
answer
121
views
View specified permission isn't replaced by default permission class
When I set default permission settings to
"DEFAULT_PERMISSION_CLASSES": [
"rest_framework.permissions.AllowAny",
],
and then define different permission for views like
...
1
vote
1
answer
883
views
How do I use permission_classes in a custom method of a Viewset in DjangoRestFramework?
Suppose that I have a Viewset named UserViewset, and I have assigned IsAuthenticated permission to UserViewset Viewset. Now, I want to create a normal method (not an action method), and I want to ...
1
vote
1
answer
294
views
Adding permissions to user on the serializer
I'm trying to add/update permissions for users by id on the serializer, but nothing changed (no add no update) and I don't get any errors so I can't know where is the problem, I have tried several ...
0
votes
0
answers
94
views
Forbidden (CSRF cookie not set.): /auth for obtaining_auth_token
I am trying to get an auth token for the client (OrderClient.py). This keeps failing with
Forbidden (CSRF cookie not set.): /auth.
Here is my views
from rest_framework.decorators import api_view,...
1
vote
0
answers
46
views
Django superuser not allowed to edit this model
Since recently I need to work home, but Django is working against me. I'm having a very peculier issue. I clone the repo, create a MySQL schema, migrate, dump all the data from the server into my ...
0
votes
1
answer
195
views
Django custom permission not being assigned to newly created User
This seems pretty trivial but I can't figure out what I'm doing wrong. I've checked several SO posts that sounded similar but the issue apparently lies elsewhere.
I have a custom permission on my ...
3
votes
0
answers
120
views
Object level permission at ORM level in Django
I have a Django application (mainly a rest API) with a completely custom User model (not inhered from Django). My authentication is based on JWT tokens.
I would like to make sure a user cannot access ...
0
votes
2
answers
402
views
Handle Django Rest Framework permission when creating related objects
The has_object_permission method of a Permission on DRF obviously does not get executed on Create, since the object does not exist yet. However, there are use cases where the permission depends on a ...
0
votes
1
answer
35
views
Why Django auto adds permissions to group?
Currently I'm making some groups for my backend and I noticed through the admin panel that the groups have some extra permissions I did not add. What is the cause of this behavior?
models.py:
...
0
votes
1
answer
702
views
Implement Django permissions per group per user's companies
I have a CustomUser model, each user could be linked to multiple companies. I have initiated my application with 3 generic Django groups; viewer, editor, and supervisor and each user could be a member ...
0
votes
1
answer
589
views
Pass argument to custom permision class in django
I have a custom permission class that extends the rest framework base permission. I am trying to pass an argument allowed_groups that will be a list of all the groups that have access to the ...
0
votes
1
answer
80
views
Adding permissions to a django rest api
I am working on a django rest api and i want to add permission to it
. I decided to go with IsAuthenticatedOrReadOnly to allow none authenticated people to read only and allow authenticated people to ...
0
votes
0
answers
92
views
Using session data ion custom permissions Django
I want to validate session data in custom permission, when i tried to access session data inside permissons it is showing None.Please help on this.
class IsEmployee(permissions.BasePermission):
def ...
0
votes
1
answer
444
views
How to refer or access the custom made permissions in `has_perm()` and `required_permissions`, in Django?
I want to know that how do I refer the custom made permissions in the has_perm() method of User Model and required_permissions attribute of PermissionRequiredMixin Class?
Let's say I create the ...
-1
votes
1
answer
466
views
How to create Workspaces and manage them for all the users in Django?
I have a complete Login and Registration system in my Django app, that lets me register users, log in users, logout users, change passwords, reset passwords, invite users. I have all the basic ...
1
vote
0
answers
116
views
How to handle object specific permissions in django-river?
I have a use case for django-river where users can approve some objects (database records) in a model but not all of them. I need to check if a user can approve a transition programmatically as a user ...
0
votes
1
answer
77
views
DRF Model Permission denying access to authenticated user
I'm getting a permission denial error but, if I'm understanding things correctly, the permissions should already have been assigned.
class UserList(generics.ListCreateAPIView):
queryset = User....
1
vote
1
answer
135
views
Django Permissions traversal across multiple foreign keys
I have 4 core entity models:
User
Can be an Owner or Participant on a Collection
Collection
Recipe
A recipe has a foreign key to a collection
Steps
A step has a foreign key to a recipe
In order ...
0
votes
0
answers
320
views
"permission matching query does not exist" errors i encounter with django guardian
Am trying to enable my website users block other users they don't want again as friends just like we can on Facebook. I decided to implement it with Django guardian. when a user clicks a button, a ...