|
|
In Django, permissions are basically just a way to set flags for users and groups that either allow or inhibit them from performing certain actions. Permissions are created at the model object level and can be assigned to either a User or Group object.
Did you Know?
Permissions are set globally per object type. You cannot create permission to control a specific instance of the object. For example, you cannot add a permission that would apply only to objects that a specific user creates.
You will work with two different types of permissions. The first type is basic permissions that get assigned to objects automatically. The second type is custom permissions that you create yourself. The following sections discuss the different types of permissions.
Three types of basic permissions are automatically added to each model. The create, add, and delete permissions are added to the auth_permission table in the database for each model. These permissions limit access to the add, change, and delete forms for the model in the admin interface.
Watch Out!
The basic permissions are added for the model only if you include the class admin definition in the model. If you didn't initially add the class admin definition in the model, you need to add it and then run the syncdb utility to add the permissions.
By the Way
Although basic permissions are designed for the admin interface, you can access and use them in your views to verify permissions for users. This is discussed more in the next hour.
You create custom permissions in the model by adding them to the permissions attribute of the Meta class. To assign permissions, add them as a two-element list. The first element is the permission identifier, and the second is a textual name for the permission.
For example, the following code adds the custom permissions can_read and can_write to the Student model:
class Student(models.Model):
. . .
class Meta:
permissions = (
('can_read', 'Reads Well'),
('can_write', 'Writes Well'),
)
Watch Out!
After you add the permissions to the Meta class in the model, you need to run the syncdb utility to add the permissions to the database.
You can add permissions to User and Group objects in one of two ways—by using Python code in your views or by using the admin interface.
Permissions objects can also be assigned to User or Group objects in the admin interface. The User and Group object details page lists available user permissions that exist in the site. If you add permissions in the available permissions list to the chosen permissions list, the permissions are available to the user or group.
You can add or remove permissions to and from a User or Group object using the add(), remove(), and clear() functions. The add() and remove() functions accept one or more permissions and then either add them to or remove them from the User or Group object. The clear() function removes all permissions from the User object.
The following code shows an example of the add(), remove(), and clear() functions on a User object:
userOBJ.user_permissions.add(permissionA, permissionB) userOBJ.user_permissions.remove(permissionC, permissionD) userOBJ.user_permissions.clear()
The following code shows an example of the add(), remove(), and clear() functions on a Group object:
groupOBJ.permissions.add(permissionA, permissionB) groupOBJ.permissions.remove(permissionC, permissionD) groupOBJ.permissions.clear()
Try It Yourself: Create and Set Custom PermissionsIn this section, you will add a custom permission, can_blog, to the Blog model that will control access to creating blog entries. Then you will assign the can_blog permission to the iFriends group.
|
class Blog(models.Model):
title = models.CharField('Title', max_length=200)
text = models.TextField('Text', max_length=2048)
date = models.DateTimeField('Last Modified')
def __str__(self):
return '%s' % (self.title)
class Admin:
pass
class Meta:
permissions = (
('can_blog', 'Allowed to Blog'),
)
|
|
|
