Opened 10 years ago

Closed 10 years ago

Last modified 9 years ago

#7484 closed (wontfix)

Per user permissions

Reported by: Adrian Ribao <aribao@…> Owned by: nobody
Component: Tools Version: newforms-admin
Severity: Keywords: extra features tree objects per user
Cc: aribao@… Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Hello, I was building my own admin zone as the admin doesn't have the features I needed for some projects. Basically, I needed to manage a tree structure of models where each object had a user owner.

class Library(models.Model):
   user = models.ForeignKey( User )
   name = models.CharField(max_legth=255)
   class eAdmin:
      constraints = {'user':'request.user',}
      user_field = 'user'

class Book(models.Model):
   library = models.ForeignKey(Library)
   title = ..
   pages = ...

   class eAdmin:
      constraints = {'library':'parent',}
      user_field = 'user'

class Chapter(models.Model):
   book = models.ForeignKey(Book)
   number = ...

   class eAdmin:
      constraints = {'book':'parent',}
      user_field = 'user'

The eAdmin was similar to the Admin application of Django but the templates look like:

Library nameRelations
My libraryBook - ...

If you click book the list would be like:

Book nameRelations
The Django BookChapters - ...

I haven't finished it yet, but it's usable, and as nfa is heavily developed, I thought it might be interesting. I just open this ticket to evaluate the idea, and if it's accepted I'll be happy to help, although I understand with the roadmap there is no much time to implement more things. Anyway, I prefer to have this in the nfa rather than create a custom eAdmin myself.

The app checks the permissions that the user have before creating/editing/deleting anything.

Also if we have this data:

  • User1
    • Library1
      • Book1
        • Chapter1
        • Chapter2
      • Book2
  • User2
    • Library2
      • Book3
        • Chapter3
        • Chapter4
      • Book4

When a user tries to add/edit/delete an object the eAdmin always checks if that object belongs to the user recursively (user_field = 'user'). For example, if we are user2 and we hack the url to delete Chapter1, the app tries to find a field with name: 'user' in Chapter, if is not found, in Book, and finally in Library. If it's found and the user=request.User returns True, if not found or user != request.User return False
I attach the application and you can have a look at it, it has a few lines of code but as I said is usable but far from being published.

By the way, it also has some custom widgets to make easy manage image fields, where a thumbnail is shown in the field, and a template filter to create thumbs, that I'd like to add to django soon.

Attachments (1)

eadmin.tar.bz2 (15.6 KB) - added by Adrian Ribao <aribao@…> 10 years ago.
eAdmin application

Download all attachments as: .zip

Change History (4)

Changed 10 years ago by Adrian Ribao <aribao@…>

Attachment: eadmin.tar.bz2 added

eAdmin application

comment:1 Changed 10 years ago by Marc Fargas

milestone: post-1.0
Triage Stage: UnreviewedDesign decision needed

I'm pretty sure that'd be for post-1.0 (Maybe 1.1 or 1.2)
I'll mark this as Decision needed, feel free to bring that to django-developers for discussion (I'd recommend to do that after 1.0 release).

comment:2 Changed 10 years ago by anonymous

Resolution: wontfix
Status: newclosed

It's already possible to do this using various customisation hooks in newforms-admin - in particular, by over-riding the has_add_permission and has_change_permission methods on your ModelAdmin subclass. We'll be documenting these customisation hooks before the 1.0 release.

comment:3 Changed 9 years ago by (none)

milestone: post-1.0

Milestone post-1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top