New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Assign permission to any object of a type #766
Comments
What do you want is not object-level permission, but model-level permission. Model-level permission is build-in in Django, so you do not need Django-guardian for that. If you really want to use django-guardian you might use it like that: from guardian.shortcuts import assign_perm
assign_perm('articles.view_article', user, obj=None) If you think that the issue has been resolved - please close it. |
I think I really need object-level permission. Because
Furthermore, to see if a user has access to edit a certain All we need is to check if a user has access to a |
Regarding this requirement, ad-m means it will work using assign_perm or you can do it through the admin site by adding the ####### This doesn't work, as an object is needed #######
UserObjectPermission.objects.assign_perm('change_website', admins)
# This will work using assign_perm
from guardian.shortcuts import assign_perm
assign_perm('articles.view_website', admins, obj=None) I think you need the app name as a prefix in the permission, btw. And indeed, for the rest you need row-level permissions. Especially for " if a user has access to edit a certain Article for example, we check if that user has permission to edit the Website this Article is attached to" - this is easy to do in view code: request.user.has_perm('articles.view_website", article.website) The same seems more complex to do in the admin site - anyone that knows how please share. |
I've managed to integrate guardian per row permission checking into the admin site. Admin list and change views now work as expected: a staff user can view and change rows for which he's been granted the permission. The per model classic Django permissions still work as before. @ad-m would you be interested in a patch containing a PerRowPermissionCheckerModelAdminMixin and an update to the documentation page (https://django-guardian.readthedocs.io/en/stable/userguide/admin-integration.html) explaining how to use it ? There are multiple open issues asking how to check per row perms in admin, this would solve them. See also #761 |
I'm not interested in making such contributions to the project personally as I don't use django-guardian actively (see #759). I participate in this project sporadically when I receive a notification as there are no enought people in the project (see #603). After you have properly granted the permissions, you can override the get_queryset method of |
@ad-m I propose writing the MR and you'd have to review it and merge it. Will that work for you ? Thanks for the suggestion for accept_global_perms. |
I'm trying to make an "admin" group with django-guardian that has access to all objects of a type instead of a single object, like such:
Any way to do this? Or is this the wrong approach and there is another way of doing this?
The text was updated successfully, but these errors were encountered: