User and Permission from admin to the app

[Predator]

Hi there! 

I have a question regarding user permissions.

How can I use the user permissions that I have set in the admin to my django app?

For example, I have a user 'Trainee' and in django admin, I set 'Trainee' to only add to my model. So, 'Trainee' can only add to this model, not change and delete it. When I logged in to my app, I can still delete and change. I may be missing some vital points and I hope someone can point me to the right direction.

Thanks and have a great day!

[Russell Keith-Magee]

Hi Predator,

Permission checks need to be manually added to each view, on a case-by-case basis. Django can't "interpret" what your view is trying to do - all user views look the same to Django - so you need to provide the extra information to describe which permissions are needed at any given part in a view.

For example, you might require "View" permissions to GET a particular view, but require a Change permission (or multiple change permissions, if you're modifying multiple objects, or even a custom permission) to POST to the same view.

The easiest way to do this is to put the @permission_required decorator on a view:

https://docs.djangoproject.com/en/1.8/topics/auth/default/#the-permission-required-decorator

However, you can also use user.has_perm('foo.add_bar') method inside a view (returning a 404 or 403 if the test fails) if you need a more fine-grained approach.

Yours,

Russ Magee %-)

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users...@googlegroups.com.
To post to this group, send email to django...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d64cc98d-40c7-43b1-aecc-25fc7a1d752c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.