Django group permission activate












0















If you have django.contrib.auth in your INSTALLED_APPS django will automatically create add, change, delete and view permissions to every model in your system (or any one you add later). These are stored in auth_permission.



In django doc, here is what we can read under Groups section:
django.contrib.auth.models.Group models are a generic way of categorizing users so you can apply permissions, or some other label, to those users. A user can belong to any number of groups.
A user in a group automatically has the permissions granted to that group. For example, if the group 'Site editors' has the permission can_edit_home_page, any user in that group will have that permission.



I've a group with no permission at all (call it NADA) and I've assign that group to a specific user (let's call him Pierre). Pierre can still connect and create, update, delete or view anything on my web interface.



How can I make it working? There's few or no doc on the web for native Django Permission.




  • I've read this nice publication
    django-permission-apps-comparison.

  • I know I could install django-guardian, django-role-permissions or
    django-rules...

  • I know we can manage access via middleware or decorator But since django IS creating these tables for us (user, groups, permissions and group_permissions)


I thought it was extremely simple to implement CRUD access to any model class!



Wrong?



Do I miss something?



Note: Working with Python3.6 and Django 2.1.3






python django permissions rbac







share|improve this question



























    0















    If you have django.contrib.auth in your INSTALLED_APPS django will automatically create add, change, delete and view permissions to every model in your system (or any one you add later). These are stored in auth_permission.



    In django doc, here is what we can read under Groups section:
    django.contrib.auth.models.Group models are a generic way of categorizing users so you can apply permissions, or some other label, to those users. A user can belong to any number of groups.
    A user in a group automatically has the permissions granted to that group. For example, if the group 'Site editors' has the permission can_edit_home_page, any user in that group will have that permission.



    I've a group with no permission at all (call it NADA) and I've assign that group to a specific user (let's call him Pierre). Pierre can still connect and create, update, delete or view anything on my web interface.



    How can I make it working? There's few or no doc on the web for native Django Permission.




    • I've read this nice publication
      django-permission-apps-comparison.

    • I know I could install django-guardian, django-role-permissions or
      django-rules...

    • I know we can manage access via middleware or decorator But since django IS creating these tables for us (user, groups, permissions and group_permissions)


    I thought it was extremely simple to implement CRUD access to any model class!



    Wrong?



    Do I miss something?



    Note: Working with Python3.6 and Django 2.1.3






    python django permissions rbac







    share|improve this question

























      0












      0








      0








      If you have django.contrib.auth in your INSTALLED_APPS django will automatically create add, change, delete and view permissions to every model in your system (or any one you add later). These are stored in auth_permission.



      In django doc, here is what we can read under Groups section:
      django.contrib.auth.models.Group models are a generic way of categorizing users so you can apply permissions, or some other label, to those users. A user can belong to any number of groups.
      A user in a group automatically has the permissions granted to that group. For example, if the group 'Site editors' has the permission can_edit_home_page, any user in that group will have that permission.



      I've a group with no permission at all (call it NADA) and I've assign that group to a specific user (let's call him Pierre). Pierre can still connect and create, update, delete or view anything on my web interface.



      How can I make it working? There's few or no doc on the web for native Django Permission.




      • I've read this nice publication
        django-permission-apps-comparison.

      • I know I could install django-guardian, django-role-permissions or
        django-rules...

      • I know we can manage access via middleware or decorator But since django IS creating these tables for us (user, groups, permissions and group_permissions)


      I thought it was extremely simple to implement CRUD access to any model class!



      Wrong?



      Do I miss something?



      Note: Working with Python3.6 and Django 2.1.3






      python django permissions rbac







      share|improve this question














      If you have django.contrib.auth in your INSTALLED_APPS django will automatically create add, change, delete and view permissions to every model in your system (or any one you add later). These are stored in auth_permission.



      In django doc, here is what we can read under Groups section:
      django.contrib.auth.models.Group models are a generic way of categorizing users so you can apply permissions, or some other label, to those users. A user can belong to any number of groups.
      A user in a group automatically has the permissions granted to that group. For example, if the group 'Site editors' has the permission can_edit_home_page, any user in that group will have that permission.



      I've a group with no permission at all (call it NADA) and I've assign that group to a specific user (let's call him Pierre). Pierre can still connect and create, update, delete or view anything on my web interface.



      How can I make it working? There's few or no doc on the web for native Django Permission.




      • I've read this nice publication
        django-permission-apps-comparison.

      • I know I could install django-guardian, django-role-permissions or
        django-rules...

      • I know we can manage access via middleware or decorator But since django IS creating these tables for us (user, groups, permissions and group_permissions)


      I thought it was extremely simple to implement CRUD access to any model class!



      Wrong?



      Do I miss something?



      Note: Working with Python3.6 and Django 2.1.3






      python django permissions rbac




      python django permissions rbac






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 23 '18 at 10:55









      openHBPopenHBP

      564




      564
























          1 Answer
          1






          active

          oldest

          votes


















          1














          Django permissions are simple. As far as I understand your question, you are trying to create a user with no permission and he should not see any entries on the Django admin.



          First thing is to make sure the user is not marked as "superuser", the superuser sees everything no matter which group they are added in.



          If he is not a superuser and is still able to see the model then you should make sure he is not part of multiple groups. If a user is in multiple groups then a union of all permissions is what is applied to them. This link will give you more details on different flags for a user https://djangobook.com/users-groups-permissions/. Let me know if this helps.






          share|improve this answer


























          • For django-admin it works fine but I would like to implement it in my web application. Instead of writing decorator for each view I was wondering if this feature could work also in my app. Even with decorator you can only set 2 things: Read Only or Create, Update Delete... Or you have to display or not the Create, Update, Delete button/link in your app...

            – openHBP
            Nov 28 '18 at 10:31













          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53445355%2fdjango-group-permission-activate%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          1














          Django permissions are simple. As far as I understand your question, you are trying to create a user with no permission and he should not see any entries on the Django admin.



          First thing is to make sure the user is not marked as "superuser", the superuser sees everything no matter which group they are added in.



          If he is not a superuser and is still able to see the model then you should make sure he is not part of multiple groups. If a user is in multiple groups then a union of all permissions is what is applied to them. This link will give you more details on different flags for a user https://djangobook.com/users-groups-permissions/. Let me know if this helps.






          share|improve this answer


























          • For django-admin it works fine but I would like to implement it in my web application. Instead of writing decorator for each view I was wondering if this feature could work also in my app. Even with decorator you can only set 2 things: Read Only or Create, Update Delete... Or you have to display or not the Create, Update, Delete button/link in your app...

            – openHBP
            Nov 28 '18 at 10:31


















          1














          Django permissions are simple. As far as I understand your question, you are trying to create a user with no permission and he should not see any entries on the Django admin.



          First thing is to make sure the user is not marked as "superuser", the superuser sees everything no matter which group they are added in.



          If he is not a superuser and is still able to see the model then you should make sure he is not part of multiple groups. If a user is in multiple groups then a union of all permissions is what is applied to them. This link will give you more details on different flags for a user https://djangobook.com/users-groups-permissions/. Let me know if this helps.






          share|improve this answer


























          • For django-admin it works fine but I would like to implement it in my web application. Instead of writing decorator for each view I was wondering if this feature could work also in my app. Even with decorator you can only set 2 things: Read Only or Create, Update Delete... Or you have to display or not the Create, Update, Delete button/link in your app...

            – openHBP
            Nov 28 '18 at 10:31
















          1












          1








          1







          Django permissions are simple. As far as I understand your question, you are trying to create a user with no permission and he should not see any entries on the Django admin.



          First thing is to make sure the user is not marked as "superuser", the superuser sees everything no matter which group they are added in.



          If he is not a superuser and is still able to see the model then you should make sure he is not part of multiple groups. If a user is in multiple groups then a union of all permissions is what is applied to them. This link will give you more details on different flags for a user https://djangobook.com/users-groups-permissions/. Let me know if this helps.






          share|improve this answer















          Django permissions are simple. As far as I understand your question, you are trying to create a user with no permission and he should not see any entries on the Django admin.



          First thing is to make sure the user is not marked as "superuser", the superuser sees everything no matter which group they are added in.



          If he is not a superuser and is still able to see the model then you should make sure he is not part of multiple groups. If a user is in multiple groups then a union of all permissions is what is applied to them. This link will give you more details on different flags for a user https://djangobook.com/users-groups-permissions/. Let me know if this helps.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 7 '18 at 11:05

























          answered Nov 26 '18 at 9:48









          noor3240552noor3240552

          113




          113













          • For django-admin it works fine but I would like to implement it in my web application. Instead of writing decorator for each view I was wondering if this feature could work also in my app. Even with decorator you can only set 2 things: Read Only or Create, Update Delete... Or you have to display or not the Create, Update, Delete button/link in your app...

            – openHBP
            Nov 28 '18 at 10:31





















          • For django-admin it works fine but I would like to implement it in my web application. Instead of writing decorator for each view I was wondering if this feature could work also in my app. Even with decorator you can only set 2 things: Read Only or Create, Update Delete... Or you have to display or not the Create, Update, Delete button/link in your app...

            – openHBP
            Nov 28 '18 at 10:31



















          For django-admin it works fine but I would like to implement it in my web application. Instead of writing decorator for each view I was wondering if this feature could work also in my app. Even with decorator you can only set 2 things: Read Only or Create, Update Delete... Or you have to display or not the Create, Update, Delete button/link in your app...

          – openHBP
          Nov 28 '18 at 10:31







          For django-admin it works fine but I would like to implement it in my web application. Instead of writing decorator for each view I was wondering if this feature could work also in my app. Even with decorator you can only set 2 things: Read Only or Create, Update Delete... Or you have to display or not the Create, Update, Delete button/link in your app...

          – openHBP
          Nov 28 '18 at 10:31




















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Stack Overflow!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53445355%2fdjango-group-permission-activate%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Berounka

          Image
          Berounka.mw-parser-output .entete.map{background-image:url("//upload.wikimedia.org/wikipedia/commons/7/7a/Picto_infobox_map.png")} Caractéristiques Longueur 139  km Bassin 8 861  km 2 Bassin collecteur Elbe Débit moyen ? Cours Source Confluence de la Mže et de la Radbuza · Localisation Pilsen · Altitude 305  m · Coordonnées 49° 45′ 13″ N, 13° 23′ 24″ E Confluence Vltava · Localisation Prague · Altitude 187  m · Coordonnées 49° 59′ 43″ N, 14° 24′ 04″ E Géographie Pays traversés   République tchèque modifier   La Berounka est une rivière de la République tchèque. Elle porte le nom de Mže depuis sa source en Allemagne près de la frontière jusqu'à sa confluence avec la Radbuza à Plzeň. Elle continue ensuite sous le nom de Berounka jusqu'à sa confluence avec la Vltava, près de Prague. La rivière est une destination prisée pour les amateurs de canoë, qui appréc
          Read more

          Fiat S.p.A.

          Image
          Cet article court présente un sujet plus développé dans : Fiat et Fiat Chrysler Automobiles. Fiat S.p.A. Fiat S.p.A. ( Fabbrica Italiana Automobili Torino , acronyme FIAT) est un groupe, notamment connu comme société-mère du constructeur automobile italien, Fiat. Portail des entreprises Portail de Turin Portail de l’automobile This page is only for reference, If you need detailed information, please check here
          Read more

          Type 'String' is not a subtype of type 'int' of 'index'

          Image
          up vote 0 down vote favorite My App can authenticate successfully when debugging against the Android emulator, but if I try to authenticate using debugging against the physical device (with same OS version), an error message appears after more than one minute waiting: Exception has occurred. _TypeError (type 'String' is not a subtype of type 'int' of 'index') The error message points to the following code: if (responseJson[AuthUtils.authTokenKey] != null) { AuthUtils.insertDetails( userNameController.text, passwordController.text, responseJson); ... } else { ... }; And in the DEBUG CONSOLE I get the following: I/flutter ( 9531): Auth: SocketException: OS Error: Connection timed out, errno = 110, address = example.com, port = 3897
          Read more