id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
7484	Per user permissions	Adrian Ribao <aribao@…>	nobody	"Hello, I was building my own admin zone as the admin doesn't have the features I needed for some projects. Basically, I needed to manage a tree structure of models where each object had a user owner.


{{{
class Library(models.Model):
   user = models.ForeignKey( User )
   name = models.CharField(max_legth=255)
   
   class eAdmin:
      constraints = {'user':'request.user',}
      user_field = 'user'

class Book(models.Model):
   library = models.ForeignKey(Library)
   title = ..
   pages = ...

   class eAdmin:
      constraints = {'library':'parent',}
      user_field = 'user'

class Chapter(models.Model):
   book = models.ForeignKey(Book)
   number = ...

   class eAdmin:
      constraints = {'book':'parent',}
      user_field = 'user'
}}}

The eAdmin was similar to the Admin application of Django but the templates look like:

||Library name||Relations||
||My library||Book - ... ||

If you click book the list would be like:
||Book name||Relations||
||The Django Book||Chapters - ... ||

I haven't finished it yet, but it's usable, and as nfa is heavily developed, I thought it might be interesting. I just open this ticket to evaluate the idea, and if it's accepted I'll be happy to help, although I understand with the roadmap there is no much time to implement more things. Anyway, I prefer to have this in the nfa rather than create a custom eAdmin myself.

The app checks the permissions that the user have before creating/editing/deleting anything.

Also if we have this data:
* User1
 * Library1
   * Book1
     * Chapter1
     * Chapter2
   * Book2
* User2
 * Library2
   * Book3
     * Chapter3
     * Chapter4
   * Book4 
When a user tries to add/edit/delete an object the eAdmin always checks if that object belongs to the user recursively (user_field = 'user'). For example, if we are user2 and we hack the url to delete Chapter1, the app tries to find a field with name: 'user' in Chapter, if is not found, in Book, and finally in Library. If it's found and the user=request.User returns True, if not found or user != request.User return False
I attach the application and you can have a look at it, it has a few lines of code but as I said is usable but far from being published.

By the way, it also has some custom widgets to make easy manage image fields, where a thumbnail is shown in the field, and a template filter to create thumbs, that I'd like to add to django soon.
"		closed	Tools	newforms-admin		wontfix	extra features tree objects per user	aribao@…	Design decision needed	0	0	0	0	0	0