ctxis / django-admin-view-permission Goto Github PK
View Code? Open in Web Editor NEWReusable application which provides a view permission for the existing models.
License: BSD 2-Clause "Simplified" License
Reusable application which provides a view permission for the existing models.
License: BSD 2-Clause "Simplified" License
In admin, when using a add user model form raises a key error:
Request Method: | GET
http://127.0.0.1:8000/admin/auth/user/add/
KeyError: 'password'
After I installed the app, I lost my permission in viewing admin page. I am a superuser.
You don't have permission to edit anything.
Any idea on how to resolve it?
If user has view but not change perm, deleting using the action menu will raise a KeyError here https://github.com/ctxis/django-admin-view-permission/blob/master/admin_view_permission/admin.py#L300
Affects Django 1.11.8
Hi, this library is not compatible with Django 2.1 raising the following error during migration with SQLite:
The problem exits in PyPI and master version of the lib
Traceback (most recent call last):
File "C:\GITPRO~1\FEEDCR~1.IO\venv\lib\site-packages\django\db\backends\utils.py", line 88, in _execute
return self.cursor.execute(sql, params)
File "C:\GITPRO~1\FEEDCR~1.IO\venv\lib\site-packages\django\db\utils.py", line 89, in __exit__
raise dj_exc_value.with_traceback(traceback) from exc_value
File "C:\GITPRO~1\FEEDCR~1.IO\venv\lib\site-packages\django\db\backends\utils.py", line 88, in _execute
return self.cursor.execute(sql, params)
File "C:\GITPRO~1\FEEDCR~1.IO\venv\lib\site-packages\django\db\backends\sqlite3\base.py", line 296, in execute
return Database.Cursor.execute(self, query, params)
django.db.utils.IntegrityError: UNIQUE constraint failed: auth_permission.content_type_id, auth_permission.codename
I found that replacing the following in admin_view_permission/apps.py solves the issue:
def update_permissions(sender, app_config, verbosity, apps=global_apps,
**kwargs):
settings_models = getattr(settings, 'ADMIN_VIEW_PERMISSION_MODELS', None)
# TODO: Maybe look at the registry not in all models
for app in apps.get_app_configs():
for model in app.get_models():
view_permission = 'view_%s' % model._meta.model_name
if settings_models or (settings_models is not None and len(
settings_models) == 0):
model_name = get_model_name(model)
if model_name in settings_models and view_permission not in \
[perm[0] for perm in model._meta.permissions]:
model._meta.permissions += (
(view_permission,
'Can view %s' % model._meta.model_name),)
else:
if view_permission not in [perm[0] for perm in
model._meta.permissions]:
model._meta.permissions += (
('view_%s' % model._meta.model_name,
'Can view %s' % model._meta.model_name),)
by this:
def update_permissions(sender, app_config, verbosity, apps=global_apps, **kwargs):
return
Do you think the fix is correct without any side-effect ?
The permissions apply to django.contrib.admin.site.
Admn sites that subclass AdminSite and override some properties cannot have the view functionality.
Hi,
Have you any thoughts on how to handle this long running Django bug?
I'm currently working around this using the custom management command from here, but this does not hook into whatever signaling admin-view-permission does.
Until this bug is resolved, do you see a modification of this mgmt command that would create the view perm?
Somewhat related to #5
Hi guys, i was looking around the django packages site if there was any way to add view permissions, then i came across your app. Am looking to create a youtube tutorial around your app and just wanted to reach out to you guys if its ok to reference your app in the event it meets my needs of cause full credit goes to you guys the authors.
Hi,
This package override models' meta permissions attribute so any custom permissions will not apply.
It would be nice that the view permission is added to permissions attribute rather than overridden.
Hi, thanks for the app.
I meet a bug.
I have few models witn many-to-many relations. In admin I define inline to edit them and relations For example:
class EntityGuideDocumentsInline(admin.TabularInline):
model = Entity.guide_documents.through
Now I want to add view permission.
Even user has permissions to view Entity and GuideDocument models (view_entity and view_guiddocument). He doesn't see inline table, because you expect view_entity_guidedocuments permission. But when we make migration we don't create this permission (permissions for many-to-many inlines).
I hope I describe clear.
Apart from passing the request into the form and checking user permissions, is there a way to determine that the current changepage is view-only?
User with only view permission can still edit and save the model.
All I need to do is to add a submit button to the existing submit row in html and click the button.
Hi !
There's an ongoing PR to include view permissions into django core : django/django#6734
I just found out about your work here, and since it really aims to do the same thing, I thought you may be interested ?
Bests,
Olivier
Some call to the init of this class don't pass request in arg[0] but in kwargs maybe you have to make some modification.
What i've done:
class AdminViewPermissionChangeList(ChangeList):
def __init__(self, request, model, list_display, list_display_links, list_filter, date_hierarchy, search_fields,
list_select_related, list_per_page, list_max_show_all, list_editable, model_admin):
super().__init__(request, model, list_display, list_display_links, list_filter, date_hierarchy, search_fields,
list_select_related, list_per_page, list_max_show_all, list_editable, model_admin)
self.request = request
Users with "change" permissions see "delete selected" action in drop down. When they submit this action, they get 403 error, but I think they should not even see it.
Hi there,
when installing the package via pip
or manually by executing setup.py
the management command is not installed?
Could you change the packages information in setup.py
?
Is it expected behaviour that if a User has view and delete permissions, that they won't be able to delete? i.e. there is still a predicate that a user requires change to add or delete models?
django-admin-view-permission is really cool :-)
Something is strange: with read_only -> OK but with get_readonly_fields() -> KO
Here is the detail. With just a view permission on a Model.
(1) when I use the attribute 'readonly_fields' as below
class MyModelAdmin(model.Admin):
...
readonly_fields = (a,b)
The result in the admin "change view" : all the attributes are displayed in readonly (expected).
(2) when I use instead get_readonly_fields(self, request, obj=None)
class MyModelAdmin(model.Admin):
...
def get_readonly_fields(self, request, obj=None):
return (a,b)
--> all the fields that are in this list (here a,b) are readonly (as expected), but all other fields are read/write (this is unexpected). The rest is ok, no button save, etc.
I'm missing something ?
Thks
I have a custom action, eg: publish_article. And i want users with only view permission to perform this action. However, this package gives no actions for users with only view permission. I think this is not reasonable.
related code: admin_view_permission/admin.py, line 208:
# If the user doesn't have delete permission return an empty
# OrderDict otherwise return only the default admin_site actions
if not self.has_delete_permission(request):
return OrderedDict()
I pip installed version f170c3c
and added 'admin_view_permission',
to INSTALLED_APPS
, but no new migrations are showing up when I run showmigrations
or migrate
. To confirm admin_view_permission
is being loaded, when I add a typo to the name and run showmigrations
I get an ImportError, as expected. Is there anything I need to do besides adding to INSTALLED_APPS
and running migrate
?
django 1.9.2
python 3.4.4
I think you have a typo in the README file:
INSTALLED_APPS = [
'amdin_view_permission',
'django.contrib.admin',
...
]
should be: 'admin_view_permission',
also it says Support
Django: 1.8, 1.9
Python: 2.7, 3.4, 3.5
but in the requirements Django==1.9.4
Hi,
I have 500 error when opening admin details page, having view
permission only and prepopulated_fields = {'slug': ('name',)}
Django==1.11.6
Traceback:
File "/path/local/lib/python2.7/site-packages/django/core/handlers/exception.py" in inner
41. response = get_response(request)
File "/path/local/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
187. response = self.process_exception_by_middleware(e, request)
File "/path/local/lib/python2.7/site-packages/django/core/handlers/base.py" in _get_response
185. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/path/local/lib/python2.7/site-packages/django/contrib/admin/options.py" in wrapper
551. return self.admin_site.admin_view(view)(*args, **kwargs)
File "/path/local/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapped_view
149. response = view_func(request, *args, **kwargs)
File "/path/local/lib/python2.7/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
57. response = view_func(request, *args, **kwargs)
File "/path/local/lib/python2.7/site-packages/django/contrib/admin/sites.py" in inner
224. return view(request, *args, **kwargs)
File "/path/local/lib/python2.7/site-packages/adminsortable/admin.py" in change_view
268. form_url='', extra_context=extra_context)
File "/path/django-admin-view-permission/admin_view_permission/admin.py" in change_view
313. request, object_id, form_url, extra_context)
File "/path/local/lib/python2.7/site-packages/django/contrib/admin/options.py" in change_view
1511. return self.changeform_view(request, object_id, form_url, extra_context)
File "/path/local/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapper
67. return bound_func(*args, **kwargs)
File "/path/local/lib/python2.7/site-packages/django/utils/decorators.py" in _wrapped_view
149. response = view_func(request, *args, **kwargs)
File "/path/local/lib/python2.7/site-packages/django/utils/decorators.py" in bound_func
63. return func.__get__(self, type(self))(*args2, **kwargs2)
File "/path/local/lib/python2.7/site-packages/django/contrib/admin/options.py" in changeform_view
1408. return self._changeform_view(request, object_id, form_url, extra_context)
File "/path/local/lib/python2.7/site-packages/django/contrib/admin/options.py" in _changeform_view
1473. model_admin=self)
File "/path/local/lib/python2.7/site-packages/django/contrib/admin/helpers.py" in __init__
45. } for field_name, dependencies in prepopulated_fields.items()]
File "/path/local/lib/python2.7/site-packages/django/forms/forms.py" in __getitem__
164. ', '.join(sorted(f for f in self.fields)),
Exception Type: KeyError at /molly/product/product/679/change/
Exception Value: u"Key 'slug' not found in 'ProductForm'. Choices are: ."
Hi there,
I'm receiving MultiValueDictKeyError from here: admin_view_permission/admin.py in change_view at line 231.
Your help is much appreciated.
Request Method: | GET |
---|---|
http://localhost/admin/auth/user/add/ | |
1.11 | |
KeyError | |
'password' | |
/usr/local/lib/python3.5/site-packages/admin_view_permission/admin.py in get_form, line 339 | |
/usr/local/bin/python | |
3.5.5 | |
['/usr/src/app', '/usr/local/bin', '/usr/local/lib/python35.zip', '/usr/local/lib/python3.5', '/usr/local/lib/python3.5/plat-linux', '/usr/local/lib/python3.5/lib-dynload', '/usr/local/lib/python3.5/site-packages'] | |
5 Mar 2018 17:42:33 +0000 |
The offending code is https://github.com/ctxis/django-admin-view-permission/blob/master/admin_view_permission/admin.py line 339, at least in my case the form has two password fields: password1 and password2
this is part of the rendered form
<div class="form-row field-password1">
<div>
<label class="required" for="id_password1">Password:</label>
<input type="password" name="password1" id="id_password1" required />
</div>
</div>
<div class="form-row field-password2">
<div>
<label class="required" for="id_password2">Password confirmation:</label>
<input type="password" name="password2" id="id_password2" required />
<div class="help">Enter the same password as before, for verification.</div>
</div>
</div>
I want to use this app to my django 2.0 project.
Hi,
I have just noticed that fields attribute may look like this: ((attr1, attr2), attr3) according to https://docs.djangoproject.com/en/1.11/ref/contrib/admin/#django.contrib.admin.ModelAdmin.fields .
On the other hand, readonly_fields doesn't support such format and those fields in tuples won't be displayed. I'll provide a PR for this (spent quite a lot of time debugging it). I hope that it'll be clear what's going on there.
View permissions don't have logs? Is there any way to check who has seen what?
Looks great, but when I call to a related model, it only shows the code:
Vocabulary in General [u'10']
and it doesn't expand the inline Questionaire.
Installed:
Django 1.8.6,
Python 2.7,
Grappelli 2.7.1,
ckeditor 4.4.8 - used for Questionnaire,
MultiSelectField 0.1.3 - used for Summary
Here's my admin.py:
class EvaluationAdmin(admin.ModelAdmin):
fieldsets = [
('Scheduling Info', {'fields': [('candidate'), ('user', ), ('status'), ('source'), ('sourcename')]}),
("Questionnaire", {"classes": ("placeholder evaluationresponse_set-group",), "fields" : ()}),
("Feedback", {"classes": ("placeholder evaluationscore-group",), "fields" : ()}),
('Comments', {'fields': [('comments')]}),
('Summary', {'fields': [('grammar', ), ('conversation'), ('pronunciation'), ('confidence'), ('level')]}),
]
Here are my models:
class Evaluation(models.Model):
xRATING = (
("E", "Excellent "),
("VG", "Very Good "),
("G", "Good "),
("R", "Regular "),
("N", "Needs Improvement "),
("P", "Poor "),
)
grammar= models.CharField(choices=xRATING, max_length=30, blank=True, null=True, verbose_name='Applied Grammar')
class EvaluationScore(models.Model):
xSCOREMSGS1 = (
(10, "Excellent amount of vocabulary."),
(11, "Good amount of vocabulary. Always room for improvement."),
(12, "Needs to acquire more vocabulary to express ideas better."),
(13, "Used some false cognates."),
(14, "Does not have sufficient vocabulary to express ideas; used several false cognates or invented words, used Spanish."),
)
vocabulary_general= MultiSelectField(choices=xSCOREMSGS1, max_length=30, blank=True, null=True, verbose_name='Vocabulary in General')
And here's my form:
class EvaluationResponseform(forms.ModelForm):
response = forms.CharField(widget=CKEditorWidget(),
label=mark_safe("<normal><br/><br/><br/>Are you currently living in a house or in an apartment?"), required=False,)
class Meta:
model = EvaluationResponse
fields = ('response',)
Hello,
I have the following problem: I installed this package with django version 1.11.5 and after adding it to the INSTALLED_APPS array on the admin site I do not see users or groups, could you please help me to solve this problem?
The documentation on how to upgrade to new django and uninstall the view permissions is not quite accurate.
If the view_*
permissions are included in a permission group, the delete queryset fails to run. Please update to include a way to additionally remove the permissions from any associated group.
Maybe add a failsafe to prevent this? I think its censored somehow in the normal change form
Hi,
Very helpful package.I have a issue here. I enabled view permission for my custom user model. This model is also connected to profile model via one to one relation. Now if i assign a user view permission of custom user model and change permission of profile model, my admin still shows the profile inline as readonly.
Is this something that can be taken care of in this great package?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.