I'm making a django website whose admin page looks like this
I want users(The content writer) to access only the Main Area(Events, Formats, Organisers) and not the whole thing. I haven't made any such user as Content Writer as of now. What are the permissions that should be given to that user. Should I make Groups for users(since there are basically 3 types of users as of now, i.e., Admin(Full Access), Content Writer(Limited Access), Basic Users(No access)) or should I just add one/two more variable(s) in my custom user model so that that user can access only the main area of the admin site.
After Giving these permissions can I extract the main area on a new html page and style it accordingly as:-
Events, Formats, Organisers, in Navbar and the details of these page presented somewhat beautifully
models.py
from django.db import models
from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, BaseUserManager
# Custom User Manager
class CustomUserManager(BaseUserManager):
def _create_user(self, email, password, first_name, last_name=None, **extra_fields):
if (not email):
raise ValueError("Email Must Be Provided")
if (not password):
raise ValueError("Password is not Provided")
user = self.model(
email=self.normalize_email(email),
first_name=first_name,
last_name=last_name,
**extra_fields
)
user.set_password(password)
user.save(using=self._db)
return user
def create_user(self, email, password, first_name, last_name=None, **extra_fields):
extra_fields.setdefault('is_staff', False)
extra_fields.setdefault('is_active', False)
extra_fields.setdefault('is_superuser', False)
return self._create_user(email, password, first_name, last_name, **extra_fields)
def create_superuser(self, email, password, first_name, last_name=None, **extra_fields):
extra_fields.setdefault('is_staff', True)
extra_fields.setdefault('is_active', True)
extra_fields.setdefault('is_superuser', True)
if extra_fields.get('is_staff') is not True:
raise ValueError('Superuser must have is_staff=True.')
if extra_fields.get('is_superuser') is not True:
raise ValueError('Superuser must have is_superuser=True.')
return self._create_user(email, password, first_name, last_name, **extra_fields)
# Custom user Model
class User(AbstractBaseUser, PermissionsMixin):
email = models.EmailField(db_index=True, unique=True, max_length=254)
first_name = models.CharField(max_length=255)
last_name = models.CharField(max_length=255, null=True)
mobile = models.CharField(max_length=50)
address = models.CharField(max_length=250)
# profile_pic = models.ImageField(null=True, blank=True)
is_staff = models.BooleanField(default=True)
is_active = models.BooleanField(default=True)
is_superuser = models.BooleanField(default=False)
objects = CustomUserManager()
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ['first_name']
class Meta:
verbose_name = 'User'
verbose_name_plural = 'Users'
accounts.admin.py
from django.contrib import admin
from .models import User
# Register your models here.
class UserManager(admin.ModelAdmin):
list_display = ['first_name', 'email', 'mobile', 'is_staff', 'is_active', 'is_superuser']
admin.site.register(User, UserManager)
main.admin.py
from django.contrib import admin
from .models import *
# Register your models here.
class EventManager(admin.ModelAdmin):
list_display = [
'event_name',
'organiser_of_event',
'format_of_event',
'date_of_event',
'registration_fees',
'created_at',
'updated_at',
]
admin.site.register(Format)
admin.site.register(Organiser)
admin.site.register(Event, EventManager)
Is there any way of achieving the above? If so, please provide necessary links or the code or some tutorial for it
CodePudding user response:
think you are almost there! Yes in django using the pre-built groups and permissions are really useful as it requires no further complicated permissions checking.
To give a brief description, you can create user groups, like you said:
Admin(Full Access), Content Writer(Limited Access), Basic Users(No access)
And create permissions. For example a permission may be called has_edit_user_access
and this is assigned to admin and possibly content writer. You create as many permissions as you need and you assign them accordingly to the groups. Then the users gain the permissions for the groups they are in.
Here is a useful link that explains model level permissions (which is what I prefer) but there are many ways to do it, this article lists all the ways to use django groups and permissions. There is of course the official documentation but I think this guide does a better job.
To address your second point, you can of course create booleans on models for each permissions, but that is a less scalable. It really depends on the needs of your project!