Create custom permissions for data migration
I tried to create a custom permission on migration, however after starting the migration the permission was not created in the permission table. Can anyone point out what the error is? Also I'm not sure what I should use as the bound model for the ContentType, since permission is used to restrict users who can view the page that displays a summary of users on the site. Any help would be greatly appreciated, thanks.
def add_view_aggregated_data_permissions(apps, schema_editor):
ContentType = apps.get_model('django', 'ContentType')
Permission = apps.get_model('auth', 'Permission')
content_type = ContentType.objects.get(app_label='auth', model='user')
permission = Permission.objects.create(codename='can_view_data',
name='Can view data',
content_type=content_type)
source to share
I would recommend that you use the standard way of using custom permissions as described in the Django documentation . You avoid many problems altogether.
To create custom permissions for a given model object, use the Meta-Permissions attribute.
This example model creates a custom permission:
class MyModel(models.Model):
...
class Meta:
permissions = (
('view_data', "Can see available data"),
)
The only thing it does is create additional permissions on startup
manage.py migrate
. Your code is responsible for checking the value of these permissions when the user tries to access the functionality provided by the application ...
Then you can use a decorator permission_required
to view the specific resolution:
from django.contrib.auth.decorators import permission_required
@permission_required('myapp.view_data')
def my_view(request):
...
source to share
I wanted to create custom permission (read) for all app models. I took the following two steps:
-
Create extended permission DjangoModelPermissions:
class DjangoModelPermissionsExtended(DjangoModelPermissions): """ """ perms_map = { 'GET': ['%(app_label)s.read_%(model_name)s'], 'OPTIONS': [], 'HEAD': [], 'POST': ['%(app_label)s.add_%(model_name)s'], 'PUT': ['%(app_label)s.change_%(model_name)s'], 'PATCH': ['%(app_label)s.change_%(model_name)s'], 'DELETE': ['%(app_label)s.delete_%(model_name)s'], }
-
Put it in everyone . I want to have read permission:
class ExampleViewSet(viewsets.ModelViewSet): permission_classes = ( DjangoModelPermissionsExtended, )
-
Create django customread.py command:
from django.core.management.base import BaseCommand, CommandError from project.app import models as app_models from django.db import models from django.contrib.auth.models import Permission from django.contrib.contenttypes.models import ContentType import inspect class Command(BaseCommand): help = 'Create the read permission to app models' def handle(self, *args, **options): for name, obj in inspect.getmembers(app_models): if inspect.isclass(obj) and issubclass(obj, models.Model): try: self.add_canread(obj) self.stdout.write(self.style.SUCCESS( 'created permission for %s' % obj )) except Exception as e: self.stdout.write(self.style.ERROR( 'Permission already exists for %s' % obj )) def add_canread(self, object_class): """This a function that can be executed in order to create new permissions (read view) to a class in DB. """ if inspect.isclass(object_class): content_type = ContentType.objects.get_for_model(object_class) permission = Permission.objects.create( codename='read_{}'.format(object_class._meta.model_name), name='Can view {}'.format(object_class.__name__), content_type=content_type, ) else: msg = "The object is not a class" print(msg)
-
Execute it after performing the migration:
python manage.py customread
source to share