Stack Overflow
Stack Overflow

Questions tagged [django-guardian]

django-guardian is an implementation of per object permissions on top of Django's authorization backend

django-guardian is an implementation of per object permissions [1] on top of Django's authorization backend,

Online documentation is available at https://django-guardian.readthedocs.io/.

140 questions
43
votes
1 answer

How to handle per object permission in Django nowadays?

I was about to use django-guardian until I came across the following in the official documentation: https://docs.djangoproject.com/en/stable/topics/auth/customizing/#handling-authorization-in-custom-backends Permissions can be set not only per type…
Adam
  • 2,948
  • 10
  • 43
  • 74
19
votes
15 answers

django.core.exceptions.ImproperlyConfigured: AUTH_USER_MODEL refers to model 'auth.User' that has not been installed

After migrating my django and userena packages like below Django 1.8 to Django 1.9.7 django-userena 1.4.1 to django-userena==2.0.1 After running the project , I am getting below this error Unhandled exception in thread started by
swamy_venkatesh
  • 290
  • 1
  • 3
  • 10
12
votes
3 answers

Permission checks in DRF viewsets are not working right

I am implementing an API where I have nested structures. Lets say it is a zoo and I can call GET /api/cage/ to get a list of cages GET /api/cage/1/ to get cage ID 1, but then I can GET /api/cage/1/animals/ to get a list of animals in that cage. The…
Mad Wombat
  • 14,490
  • 14
  • 73
  • 109
12
votes
1 answer

Groups per object using Django and django-guardian object permissions

I'm currently creating a structure where I have employees which belong to a company. Within this company I need to be able to create several groups. Ranks if you will. You could assign less permissions to lower ranks and more permissions to higher…
Jeffrey Vandenborne
  • 495
  • 6
  • 17
11
votes
1 answer

Sharing Objects with other users in Django

I'm modeling a quite complex system in Django. I will post here only the relevant part of it and I will show simplified use cases diagrams to better express my ideas. I basically have 2 type of users: Seller and Customer. A Seller "acquires" a…
Leonardo
  • 4,046
  • 5
  • 44
  • 85
10
votes
7 answers

django.db.utils.OperationalError: no such table: auth_user

After I install Django-userena,there is an error my django version :1.9.5 I just install django-userena step by step ,but when i migrate it ,an error happend and I don't how to solve it. Traceback (most recent call last): File "manage.py",…
李嘉图
  • 109
  • 1
  • 1
  • 3
10
votes
2 answers

Objects with permissions assigned by django-guardian not visible in admin

I'm using django-guardian in order to manage per object permission. For a given user I give permission all permission on one object: joe = User.objects.get(username="joe") mytask = Task.objects.get(pk=1) assign('add_task', joe,…
jul
  • 36,404
  • 64
  • 191
  • 318
9
votes
1 answer

Can django-guardian and django-rules be used together?

I'd like to be able to create per-object permissions using django-guardian. But I'd like to add a layer of logic surrounding these permissions. For example if someone has edit_book permission on a Book, then their permission to edit Pages in that…
Chris
  • 5,664
  • 6
  • 44
  • 55
9
votes
1 answer

Django REST Permissions on Nested Routes

I am using the Django REST framework with the nested router extension. One of my routes looks like: companies/$company/locations/$location where $company and $location are slug variables. I want to allow users to POST to this URL:…
Alex Rothberg
  • 10,243
  • 13
  • 60
  • 120
7
votes
2 answers

Object level permissions in Django admin

I have a model which looks like this: class Change(models.Model): RFC = models.CharField(max_length=10) Ticket_Number = models.CharField(max_length=10) Plan_Owner = models.ForeignKey(User) I then register the model in the Django admin…
Amistad
  • 7,100
  • 13
  • 48
  • 75
7
votes
4 answers

How can I get all users an object has specific permissions to in django guardian?

There is from guardian.shortcuts import get_objects_for_user But what about from guardian.shortcuts import get_users_for_object Thanks.
Natim
  • 17,274
  • 23
  • 92
  • 150
6
votes
1 answer

django-guardian and django-rest-framework

I would like to manage my objects permission using django-guardian in a restful project (using django-rest-framework). What I would like : Allow the connected user to create an object only if he have the "add_modelname" permission. When the…
Ben
  • 3,972
  • 8
  • 43
  • 82
6
votes
3 answers

Django Rest Framework Permission Check On Create

Why doesn't django rest framework check object permissions when creating an object? It makes no sense (to me, anyway) that a user should be able to create an object they couldn't see, update, or delete. Currently I subclass a viewset like class…
cderwin
  • 425
  • 4
  • 11
6
votes
1 answer

row level permissions with django-guardian - no effect on admin interface observed

I have added row level permissions with django-guardian to my project. From the set-up it seems everything worked fine: Guardian specific tables have been created (guardian_groupobjectpermission, guardian_userobjectpermission) Models with…
szeta
  • 589
  • 1
  • 5
  • 21
5
votes
3 answers

Raw query and row level access control over multiple models in Django

I'm trying to provide an interface for the user to write custom queries over the database. I need to make sure they can only query the records they are allowed to. In order to do that, I decided to apply row based access control using…
ertan
  • 289
  • 1
  • 3
  • 14
1
2 3
9 10