Solution thanks to Sk1p:
from django.contrib.auth.decorators import permission_required
ip_manager/urls.py:
urlpatterns = patterns('',
url(r'^(?P<groupname>\w+)/tag/add/$', permission_required('ip_manager.add_tag')(TagFormView.as_view()), name='tag-add'),
)
I am trying to restrict users from adding, changing, or deleting a model. I am using only CBVs. I have looked at the following examples..
and
How to use permission_required decorators on django class-based views
My problem is I want to tell which permission a user needs to access, but I am not sure how to specify it. I tried passing the permission as a arg in login-required and tested it on a user with no permissions set. This method did not work it still allowed me to add a new model object. Does any one have any suggestions?
ip_manager/urls.py:
urlpatterns = patterns('',
url(r'^(?P<groupname>\w+)/tag/add/$', login_required(TagFormView.as_view(), 'ip_manager.add_tag'), name='tag-add'),
)
Thanks, Ryan
If you want to specify the needed permissions, you need to use the permission_required
decorator . Because it takes an argument, something like the following should work:
permission_required("your_permission")(TagFormView.as_view())
This is also stated in the documentation: Decorating class-based views
Another way to restrict permissions on Class-Based Views (instead of the URL route) is to use Groups
within the admin panel and a PermissionRequiredMixin
on the view itself. Just apply the PermissionRequiredMixin
as such...
class MemoCreateView(LoginRequiredMixin, PermissionRequiredMixin, CreateView):
permission_required = 'memos.can_change_memo'
model = Memo
... then add users to specific Groups
within the admin panel and apply can_change_memo
permissions to that Group
.. Or better-yet, apply the group to the users on sign-up!
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.