Why DjangoObjectPermissions is not working for admin user?

Time:07-26

Problem: I have assigned DjangoObjectPermissions, which is working perfectly for normal users, but it's not working for admin users.


models.py

from django.db import models


class Transformer(models.Model):
    name = models.CharField(max_length=150, unique=True)
    alternate_mode = models.CharField(
        max_length=250,
        blank=True,
        null=True)
    description = models.CharField(
        max_length=500,
        blank=True,
        null=True)
    alive = models.BooleanField(default=False)

    class Meta:
        ordering = ('name',)

    def __str__(self):
        return self.name

serializers.py

from rest_framework import serializers

from .models import Transformer


class TransformerSerializer(serializers.ModelSerializer):
    class Meta:
        model = Transformer
        fields = "__all__"

views.py

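from guardian.shortcuts import assign_perm
from rest_framework import generics
from rest_framework.permissions import DjangoObjectPermissions

from .models import Transformer
from .serializers import TransformerSerializer


class TransformerList(generics.ListCreateAPIView):
    queryset = Transformer.objects.all()
    serializer_class = TransformerSerializer
    permission_classes = [DjangoObjectPermissions, ]

    def perform_create(self, serializer):
        instance = serializer.save()
        # Grant the creator object-level delete permission on the new instance.
        assign_perm("delete_transformer", self.request.user, instance)


class TransformerDetail(generics.RetrieveUpdateDestroyAPIView):
    queryset = Transformer.objects.all()
    serializer_class = TransformerSerializer
    permission_classes = [DjangoObjectPermissions, ]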

settings.py

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'snippets',
    'class_based_api_views',
    'guardian'
]

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend',
    'guardian.backends.ObjectPermissionBackend',
)

Testing
Created admin user -> username=admin
Created normal user -> username=user3

Created one transformer post using the user3 user.

Object detail view
Object's permission
user3 can delete his own post as expected
Admin can do everything on object: not expected

Question: Why can the admin user edit/delete an object which he doesn't have permission for?

CodePudding user response:

Superuser has access to all resources regardless of defined permissions.
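
The behaviour described in this answer, as a simplified pure-Python model (an added example, not code from the question, Django or django-guardian). It mirrors the superuser short-circuit in Django's `User.has_perm` and contrasts it with a strict check that only honours explicit grants; the stand-in `ObjectPermissionBackend`, the helpers `has_explicit_perm` and `audit`, and the sample data are assumptions constructed for illustration.

```python
# Simplified model of the check path behind DjangoObjectPermissions (added
# example, not Django's or guardian's source). Data below is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    username: str
    is_active: bool = True
    is_superuser: bool = False


class ObjectPermissionBackend:
    """Stand-in for guardian's backend: explicit (user, perm, object) grants."""

    def __init__(self):
        self.grants = set()

    def assign_perm(self, perm, user, obj):
        self.grants.add((user.username, perm, obj))

    def has_perm(self, user, perm, obj):
        return (user.username, perm, obj) in self.grants


def has_perm(user, perm, obj, backends):
    """Mirrors Django's User.has_perm: active superusers never reach a backend."""
    if user.is_active and user.is_superuser:
        return True
    return user.is_active and any(b.has_perm(user, perm, obj) for b in backends)


def has_explicit_perm(user, perm, obj, backends):
    """Strict variant: only recorded grants count, superuser flag ignored."""
    return user.is_active and any(b.has_perm(user, perm, obj) for b in backends)


def audit(users, perm, obj, backends):
    """Return usernames allowed by has_perm without an explicit grant."""
    return [u.username for u in users
            if has_perm(u, perm, obj, backends)
            and not has_explicit_perm(u, perm, obj, backends)]


backend = ObjectPermissionBackend()
admin = User("admin", is_superuser=True)
user3 = User("user3")
transformer = "transformer:1"  # constructed object id
backend.assign_perm("delete_transformer", user3, transformer)
```

Running `audit` over the accounts that can reach an endpoint lists the users whose access comes only from the superuser flag, which is the set to review when object-level grants are meant to be the sole source of authority.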
