Richard I am currently developing an interface that will need to use role based row level permissions and would be greatful for anything that you are willing to share.
Catriona On Sep 28, 8:53 am, Richard Dahl <[EMAIL PROTECTED]> wrote: > If you are interested, I would love to collaborate on some ideas of > doing this. I have an role-based system working pretty well as of > now, but it does not, as of yet integrate with the admin interface. > If you have any interest I would be more than willing to share some > of what I have come up with. > -richard > > On Sep 27, 2007, at 2:38 PM, Lic. José M. Rodriguez Bacallao wrote: > > > > > I'll do that > > > On 9/27/07, Richard Dahl <[EMAIL PROTECTED]> wrote: > > There is a row-level-permissions branch, but I do not believe it is > > actively being developed at this time. I wrote my own role-based > > permission system and integrated it into all of my models that > > require it. I have not attempted to integrate the permission > > system into the admin interface though. I have used my own views. > > If you just want to limit access to one user (+ admin) this can be > > accomplished relatively easily by storing the user who created the > > model instance as a FK on the model. The threadlocal middleware > > can be used to integrate this into your save method of your models, > > if this is required. You could then create a model.manager to > > filter based on the request.user, and a model method that can > > evaluate whether or not the current user is authorized to edit or > > delete an instance. My advice would be to check the permissions > > before every action, i.e. check as you create a queryset, when > > getting an instance for editing, when the edited instance is > > submitted to be saved, when an instance is to be deleted, etc... > > If you have any specific questions, I would be more than happy to > > answer what I can. > > -richard > > > On 9/27/07, Lic. José M. Rodriguez Bacallao < [EMAIL PROTECTED]> wrote: > > hi people, I got a little question, how can I make some users add > > news (model News), modify only news owned by him or even delete his > > news, not others users news, but only admins can publish all of them? > > > -- > > Lic. José M. Rodriguez Bacallao > > Cupet > > ----------------------------------------------------------------- > > Todos somos muy ignorantes, lo que ocurre es que no todos ignoramos > > lo mismo. > > > Recuerda: El arca de Noe fue construida por aficionados, el titanic > > por profesionales > > ----------------------------------------------------------------- > > > -- > > Lic. José M. Rodriguez Bacallao > > Cupet > > ----------------------------------------------------------------- > > Todos somos muy ignorantes, lo que ocurre es que no todos ignoramos > > lo mismo. > > > Recuerda: El arca de Noe fue construida por aficionados, el titanic > > por profesionales > > ------------------------------------------------------------------ Hide > > quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
