#7484 closed (wontfix)
Per user permissions
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | Tools | Version: | newforms-admin |
Severity: | Keywords: | extra features tree objects per user | |
Cc: | aribao@… | Triage Stage: | Design decision needed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Hello, I was building my own admin zone as the admin doesn't have the features I needed for some projects. Basically, I needed to manage a tree structure of models where each object had a user owner.
class Library(models.Model): user = models.ForeignKey( User ) name = models.CharField(max_legth=255) class eAdmin: constraints = {'user':'request.user',} user_field = 'user' class Book(models.Model): library = models.ForeignKey(Library) title = .. pages = ... class eAdmin: constraints = {'library':'parent',} user_field = 'user' class Chapter(models.Model): book = models.ForeignKey(Book) number = ... class eAdmin: constraints = {'book':'parent',} user_field = 'user'
The eAdmin was similar to the Admin application of Django but the templates look like:
Library name | Relations |
My library | Book - ... |
If you click book the list would be like:
Book name | Relations |
The Django Book | Chapters - ... |
I haven't finished it yet, but it's usable, and as nfa is heavily developed, I thought it might be interesting. I just open this ticket to evaluate the idea, and if it's accepted I'll be happy to help, although I understand with the roadmap there is no much time to implement more things. Anyway, I prefer to have this in the nfa rather than create a custom eAdmin myself.
The app checks the permissions that the user have before creating/editing/deleting anything.
Also if we have this data:
- User1
- Library1
- Book1
- Chapter1
- Chapter2
- Book2
- Book1
- Library1
- User2
- Library2
- Book3
- Chapter3
- Chapter4
- Book4
- Book3
- Library2
When a user tries to add/edit/delete an object the eAdmin always checks if that object belongs to the user recursively (user_field = 'user'). For example, if we are user2 and we hack the url to delete Chapter1, the app tries to find a field with name: 'user' in Chapter, if is not found, in Book, and finally in Library. If it's found and the user=request.User returns True, if not found or user != request.User return False
I attach the application and you can have a look at it, it has a few lines of code but as I said is usable but far from being published.
By the way, it also has some custom widgets to make easy manage image fields, where a thumbnail is shown in the field, and a template filter to create thumbs, that I'd like to add to django soon.
Attachments (1)
Change History (4)
by , 17 years ago
Attachment: | eadmin.tar.bz2 added |
---|
comment:1 by , 17 years ago
milestone: | → post-1.0 |
---|---|
Triage Stage: | Unreviewed → Design decision needed |
I'm pretty sure that'd be for post-1.0 (Maybe 1.1 or 1.2)
I'll mark this as Decision needed, feel free to bring that to django-developers for discussion (I'd recommend to do that after 1.0 release).
comment:2 by , 16 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
It's already possible to do this using various customisation hooks in newforms-admin - in particular, by over-riding the has_add_permission and has_change_permission methods on your ModelAdmin subclass. We'll be documenting these customisation hooks before the 1.0 release.
eAdmin application