django-permissions is a pluggable django app that provides per-object permissions for Django based on roles
django-permissions is a pluggable django app that provides per-object permissions for Django based on roles.
Questions tagged [django-permissions]
431 questions
0
votes
2 answers
In a project in drf, I have endpoint "api/v1/invoice/#id/" so I want to give access to view to only author of this invoice
I have an endpoint /api/v1/invoice/#id/
I want that only author of this invoice should be able to view invoice
Or staff should be able to view this invoice
And superuser should be able to view, update, delete invoice
I tried creating permissions.py…
Rajesh
- 9
- 4
0
votes
1 answer
Can't change user password for Django user model using ModelViewSet
I was using Django user model using the ModelViewSet. When I am making a request to update the password for the current user that is logged in. Although I get a 200 OK response but my password never changes to the new one that I changed.
I also…
Himanshu Poddar
- 7,112
- 10
- 47
- 93
0
votes
1 answer
Check Django Custom permissions from react
It's my first time creating a project with Django in the backend and React frontend. I have a custom user model with boolean fields as is_moderator & is_admin & is_poster. In the frontend, there's a certain button that should only be visible to…
Menna Magdy
- 355
- 1
- 2
- 14
0
votes
1 answer
custom message in raise PermissionDenied not working in Django rest
I tried raise PermissionDenied("Anonymous user") inside a custom permission function but the message I wrote is not showing in the api response. Instead, it is showing the default forbidden message that says you dont have permission to perform this…
Reactoo
- 916
- 2
- 12
- 40
0
votes
2 answers
Isadminuser or Allowyany permission based on the request method in APIView
I have to make a custom permission class based on the request method and the slug that has been passed. I am using APIView to write business logic. The requirements are as follows:
1. Allowany for all the methods except POST.
2. IsAdminUser for POST…
Reactoo
- 916
- 2
- 12
- 40
0
votes
1 answer
django redirect to different view/page if permission denied
Hej!
I have a view where contact details are rendered. The goal is to have some users who are allowed to see all details ('A') and some who only can see for example the name ('B').
Therefore I have two serializers in my model and two views (one for…
piah
- 95
- 1
- 12
0
votes
2 answers
DRF custom permission: allow 'retrieve', deny 'list'
tldr: I want to make a permission, that allows 'retrieve' action but not 'list'.
I'm writing REST API using Django Rest Framework and met a problem creating custom permission (for View from viewsets.ModelViewSet)
Got stuck creating an endpoint that…
Zyroox
- 3
- 3
0
votes
2 answers
Django admin add entry to specific groups
Hej!
I'm looking for a possibility to add entries by different users and groups.
In my app there are different users and different groups where one user can belong to multiple groups. The goal is that some of the groups have sensitive data so I only…
piah
- 95
- 1
- 12
0
votes
1 answer
How to give permission to some specific user to access some specific templates in django
I am trying to create a Online exam portal and I have created one admin portal for that site. I have 2 types of users in my site "Students" and "Teachers". How can I restrict students from accessing the admin portal and other views of admin panel?
0
votes
1 answer
Wagtail Admin - Allow Editor to Edit Custom Setting
I have created a custom setting in Wagtail, allowing an alert banner to be edited in the admin.
from django.db import models
from wagtail.contrib.settings.models import BaseSetting, register_setting
from wagtail.admin.edit_handlers import…
kbdev
- 1,225
- 1
- 13
- 33
0
votes
2 answers
Why is it returning 204 instead of 403? Custom permissions does not working
I have a table that stores parent - child records. Today, I noticed a problem while writing a unit test. Even if the requester is not the parent of the child, they can delete the record. But on the view side, if the user is not the owner of the…
ATK
- 103
- 1
- 11
0
votes
3 answers
How can I restrict user to to view only specific page having a dynamic URL?
I am doing a project in which I have created a model form for employee details. Now, I want the user to be able to update only their records through the employee form and the URL of this employee form is dynamic.
In this project, I am populating the…
mayank gupta
- 19
- 8
0
votes
1 answer
Testing custom permission in django-rest-framework expected 201 but was 400
Problem is, I can't post the field "author" as you can see in the tests.py, and returns an error "{'author': [ErrorDetail(string='Invalid pk "1" - object does not exist.', code='does_not_exist')]}" see attached photo below.
This is the error when…
0
votes
1 answer
How to check if a requested user has a specific custom permission in Django Rest Framework?
I want to check with a boolean answer of True/False if a requested user has a permission defined in permissions.py.
More in particular, I want to check if the requested user has the permission of IsDriver. Is somehow possible?
class…
gtopal
- 544
- 1
- 9
- 35
0
votes
1 answer
Django : how to assign permissions automatically after initial migration
I'm using Django for my backend and everything's fine.
But I now have to enable permissions and so on.
I'm trying to assign all the permissions of an app to a group during the migration process but here is the problem :
During the initial migration,…
lbris
- 1,068
- 11
- 34