Django Admin User Model Permission Overrides & Performing Extra Operations

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello and welcome back to another django admin series tutorial so here we're going to look specifically at model permissions so before we go on it's probably worth saying that there are many ways of creating permissions and applying permissions in django so this is really just a first look at model permissions via model admin methods so specifically here we're going to be looking at the model admin um has add has changed has delete and has view so we're just going to run through these and apply them within a project to show you how they work and then potentially how to extend them if you are comfortable at creating a simple django project you can just start in this tutorial from part two where you can download the repository code the zip file called part two load that up and you can just start the tutorial from here however i will be starting from part one where i'll just go through the django project setup for those who are new or not so familiar with django so first of all i'll create a new project and then we'll make a new custom admin area again and then just create some users uh we'll need to make a few models so that we can add some data to the models and delete it and show the permissions in action so we need to do that too so part one would do that and then part two we'll move over to then actually applying permissions so it's a little bit of an optional step for you if you need it and then the last part of this tutorial we will work for a basic extension of these permissions and extend to make decisions based upon the user so for example we can take the has delete commission and then deny access to everyone and then we can specifically select users who maybe have got the delete permission for example okay so that's the tutorial let's start off on part one we're going to create a new project make some custom make a custom admin area and then create some new users so let's get started so we'll apologize in advance pretty much showing you these steps every single tutorial of course i try and make this open and available to just about anyone with just about any type of level of django knowledge so we're going to start by building a new project so we're going to need a new folder for this so i'm going to put this on i know the desktop for example let's create a new project so i'm just going to call this django admin so i've got a new project folder of course now we're going to need a virtual machine so i'm assuming you have python installed on your machine this is a windows machine so we're going to use the m switch then create the new virtual environment folder called vemv so this is our virtual environment and then of course i just need to activate this scripts and then activate so now it's activated we can see it's activated right here of course so that's the first step now we can go ahead and pip install so use the pip the package manager in python here to install django so let's go ahead and do that so of course next up is a new project so let's go ahead and create a new project so django admin and then start project and we're going to call this as per normal core and then don't forget the space in the dot at the end there's that will that will make the folder in this side of this folder here so that's what we're going to need to start off with now we can use the manage function here to create or start an app so let's just call this app again just a blog there we go so of course we're going to need a new model just to play with so let's just go into core and settings we just need to first obviously register our application here so we'll just do it down here so we called our app blog there we go so that's all now registered so that we can access the models so inside a blog here we're going to just create a new model so i'm just going to paste this in i've already pre-made this so nothing major here we're just going to need and the title in this case or just something so that we can apply some of these permissions to the model so we're just going to have title in this model um excuse me we're gonna need to import uh so there we go nice and simple there that's our model so of course now we just need to migrate so py manage pi make migrations and then we're going to obviously just need to migrate so that will make all the migrations and now we can go ahead and create some new users so i'm going to build two new users here so create super user so i'm going to create two new users one called admin password admin and then i'm going to create another user called just user again password is just user there we go so they're going to be so i've got a super user and of the system and i've got i'm going to have an admin user so now i've got all that in place we can now run the server that should work okay so let's go ahead and access the admin area we're going to do that with the admin user first and then we're going to go into the users and i'm just going to go into this user because at the moment we've set this user user as a super user we don't want them to have super user status we just want them to have staff kind of status admin status so there's a few different default permissions or user types here in django so we're just going to press save once we've done that so that would just save that user so now we have the admin or the super user and just the staff type of user who might be a type of user who can just access the database and add some data for example but they may be restricted in other ways okay so now we want to go ahead and build a custom admin area for this blog model for example so let's go ahead and go into our admin file here and we're going to create this new class i'm going to call this blog admin area that makes it fairly clear what it is we're doing we're just going to extend from admin and an admin site okay so this is going to allow us to create a a separate admin site that's what we're trying to do create a separate admin site for this for this table for example or just a general um admin area separate admin area so we're going to give it a site header excuse me uh site header yep so we're just going to call that let's just call that blog database or dog or blog admin however you want to do that and then of course we could also add a lot of different things here we could add a login template for example we could add a custom template for this but in this tutorial we're not going to do that if you look at the previous tutorials in this series you'll find out how to do that so now we need to kind of register some of our models so we can make them available within this blog area so let's first of all just go ahead and finish the setup for this custom admin area so this is going to be blog okay admin area and i'm gonna give it a name equals and then blog admin okay so now we can go ahead and kind of register um our new model of course we need to kind of bring our models in first so from dot model um oh from dot we'll just import all of them shall we import models okay so we're just going to import or make all the models available within this model file here um we've only got one model and that's the post so let's go ahead and register that so we can make it available within this admin area so this is where we're going to say blog site that's going to bring in this kind of or connect it to this custom area here because that's what we just find here in this variable so blog site and then we're going to need to register our model so similar to how we normally register our model now we're just going to say model models and then inside of our models so remember this is kind of the connection to our models so now we're going to say inside of models we've only got one model and that was called post so let's build that kind of connection to post and there we go so that should register our model so now we can go ahead and let's go into our core url so we just need to set up a url so we can access our new admin area so i've pre-created this for speed so we've got the from blog that's the app remember we've registered that in our course so we can access it blog.admin so that kind of goes to this file here and we're going to import blog site so inside of admin here we've got blog site and we know that blog site and we've set up here so blog site equals and the blog admin area the new blog admin area here um that we've created so that's nicely all connected up so let's go ahead now and create a path for this so we're just going to make a simple plot path here sorry to blog admin um that's all good now we've imported blog site so um blogsite.url so we've kind of connected that up to our admin page um and then we're good to go hopefully so let's go into our browser um let's now remember the url um let's go into our urls so it should be blog slash blog admin so i'm just going to log out of here and then just go into the new url blog admin there we go so we've got this new area so notice we've got this blog database name that corresponds to if we go back into admin the name that i've entered here in the site header so this is our custom admin area now so let's go in as the admin first there we go so now we have blog or post sorry is uh been registered that's what we registered the post so we should be able to access the post database maybe just add some data there we go okay so that's the setup for this project um any questions any queries any problems if there's any changes i can make to make things a little bit better if you think that this isn't needed at all this kind of setup please let me know in the comments so let's move now across to part number two so let's get started um by having a look at the ad permission here so if you need to if you have started here instead of gone through the setup code like i said there is the zip file here called part two zip and that's the project up to this point here which you can just load up and start so let's first of all um have a look at utilizing some of these uh methods so first of all then um let's go ahead and we're going to create a new class here so let's uh build a new class uh we're going to call this um let's call this test admin permissions there we go so what we're going to need to do here is uh just bring in the admin dot model admin remember we're using um these methods from model admin there we go okay and then what we're going to do here is now we can start adding in our overrides so let's just start by pass just say pass and then what we need to do here we can then apply whatever permissions we add here into these individual models here so this maybe we've registered our model post here so what we can do here is kind of just bring in that class we've just made it we've just made it we've just made so um it's called test admin permission i'm not too sure why my intellisense isn't working there and adding that um there we go so i've added that in so that just adds into this registration of this post so whatever we do here we can start to kind of over override some of these methods so let's start off then uh let's just add some code here so what we're going to do is we're going to start a new function here um and then we're gonna use the has add permission and then we're gonna take in self and the request okay and then basically we're gonna return something so we're going to return true or false so basically what we're doing is if we return true then we must have permission to add if we return false here then we won't have permission to add and we remember we're applying this directly here onto this post model so let's just go ahead and have a look at what's happening here now so let's go ahead and run the server get this started code looks okay of course there shouldn't be any changes here i'm just refresh this page and you can see that i can um go ahead and remember what we're trying to do here is that permission ad so obviously i can go ahead and just add some more right um so go back into here go to add posts i can add some posts so it looks like it's working well it was working before anyway uh so let's go ahead and just change this to false so the server's restarted i need to just refresh this page and you can now see if i go into blog and post well i don't have that button that allows me to add any more posts so you can see how directly that affects the model and permissions on the model i've gone ahead here a little bit and just copy and pasted uh the model and just made migrations and migrated this model to add a new model and i've gone into admin you can see that i've just registered this and of course we're not bringing in this class with the override here so obviously it's not going to apply it here to the books model so when i go back in you'll see that i do have access to the books and adding items that's not a problem but of course i still don't have access to adding anything to posts so it's three more to go so let's uh start off a new function here uh this is the has change permission so again we're going to bring in self our request and then we'll start off by returning true give this a go um i've got a bit mistake there turn true okay so that obviously won't make any changes so let's go ahead and just add false so we're going to add this again to the we're adding it to the post obviously we've already done that so that's the post model so we should be able to change um so let's just um go to and have a look at this yeah let's have a look at this first so you can see that straight away i press refresh and the change um that was here the text now just goes to view so all i can now do is just view what's here um seems to be a little bit of a problem actually accessing the data so there's a as an issue here so there is a slight change with utilizing the has change permission and we can access what that is um this is where i nicely bring in the django admin um documentation from model admin methods so let's have a look at the has changed permission let's go down here so you can see here that we require this additional parameter here which is the object equals none so we're going to need to add that in after the request so let's go ahead and do that okay so now let's go back and have a look see if we can access the data and we can so um go ahead and read um these different parameters um it does kind of give you an overview here um what and why um object equal none is required for okay so that is the parameters here um for that i just want to make this nice and simple as possible uh starting from the ground up here so yeah there we go so that's has change has changed permission so just to speed this up a bit because you probably get the idea now uh we're now going to have a look at delete permission so again let's just take in self and request um so we need to check the documentation uh whether we're going to need the object equals none um so let's just uh have a look there we go so you can see here it does require so let's go back okay there we go uh so let's go ahead and return return uh false okay and see if this applies directly um [Music] looks good at the moment so we can do is close and let's just double check true so change and delete okay so you can see that here when i do have when i do set to true you can see the changes that are made here that i've got the option now of actually deleting the selected post and i've got the delete button and of course as soon as i change that back to false and refresh the page those permissions have changed and i don't have access to them so the last method here we're going to set up is the has view permissions so we go through the same process again and we'll just paste this in there we go so we just need it again double check the documentation whether he calls none so um let's just have a look there we go so we do need that okay so we're going to change that to false so we shouldn't now be able to view so when we go back in and this goes to home to refresh this you can see that um well these things disappeared so the actual model has been removed from the list here and we don't actually have access to it of course we could obviously do that by just not registering the model in the first place but it might be that we might want to change it so that some users or types of users only those types have access to it and it will appear obviously for those who do have access for those who don't it won't appear for example so there we go now we have view so you can see that they've got these four main permissions um has add has change has delete and has view so that's a simple case of utilizing them so now we've got the basics in place here for these different functions now let's just go ahead and look at extending some of these permissions to provide additional functionality okay so let's just start off uh by returning ob none okay so instead of returning true this time we're going to return obj none notice um there's an error there so just let's just turn up return up okay so let's just go back and refresh and you can see that i have delete status here which is great so let's just remove that and then refresh you can see that i don't have access to it anymore so what's that suggesting what's that telling us uh well potentially it's telling us that this obj here is or has some sort of reference to the user's permission their ability to actually perform actions on the data so it looks like by including object obviously it returns true by default if you read through the manual again is going to explain that by default it returns true but let's just go ahead and um let's just go ahead because behind the scenes is returning none um which is going to be by default true so let's go ahead and see if we can just extend this slightly um and use this further to perform some sort of action so let's think about for example using this uh so let's make a obj equals or is sorry uh none or let's choose obj.pk so we can access in this case kind of the primary key of our post and what we're going to do is we're going to say not equals and then in this case we're going to have a look at our post so if i just look at it you can see here it says post 33 so if you're not familiar with this when a post gets inserted into a database of course it's provided an id by default if you're using the default model setup here so this is um down here c33 if i made a new post that would be 34 and so on so i'm going to prevent access to deleting post 33 so let me just make post 34 as well so we've got 34 just to show this and what we're doing here is basically we're saying not equals 33 so basically anything that doesn't equal 33 that's going to be set to true and then 33 is going to be set to false so uh let's go back and save that so what's going to happen now uh by doing this i refresh and you can see that if i go into post 33 i don't have the delete option but if i go in here i do have the delete option okay so that probably needs a little bit more explanation what exactly is going on here but i'm trying to kind of skip and prevent us to go down that path at this point but you can clearly see um that a small little technique there to kind of prevent deletion of a certain post based upon the id so you might be wondering now what can i use this uh to actually identify other items so let's go for for example title um so the object title uh so let's just go back here and so let's just get the title of this which we know is that okay so let's uh not equal again oh it's going to need to be in string there we go so not equal so let's just see if this works so we shouldn't now be able to delete this item here so let's go back to refresh and there you can see it doesn't or isn't available to delete and so on so it looks as though we can access uh different parameters through opt in our in our posts so it's probably unlikely that you want to perform these type of permissions based upon one item or one user typically we want to group users into different groups so then we can perform action actions on those groups or set permissions on those groups so i've gone back into the main admin area here we're going to just now create a group so let's just add a new group here i'm just going to call this editors um and then i'm going to allow some permissions here or just set up some permissions so that they can access the the posts here uh the post model okay so we've defined some privileges there so what we can do now is save that and then we're just going to go back into the users and just apply that group over so you can see that this user now has the permissions that are set in that group i'm just going to remove these permissions that we set earlier and then save that so you can see that all the permissions are going to be inherited from that group because the user is part of this editor's group so let's just log out and then let's just go to our other admin area if i can remember what it is can't remember what it is um let's just go back into our urls apologies blog admin come on okay there we go okay so now i'm just going to log back in as user so no changes at the moment um except we don't have access now to the other model that we created so uh let's now go back into the code and see if we can kind of filter out based upon based upon the group so let's just uh set this back let's say to true and there we go so now let's drill down here and make some changes so we're going to create a simple if statement so if and then let's just say the request dot user group dot filter so you can see here we've um the request has been made by the user a user makes a request to delete of course so we're then going to drill down to that request and find the user and then their groups that are associated to so then i'm going to run a filter so name is going to equal in this case editors that's what edit editors that's the user group that we set up and so um if the group i know let's just make it simple um if it does exist so if this group does exist you would imagine um we can now return let's return true okay so let's go ahead now and uh let's just return false here for example okay so what we've got now is a returning false here at the end so uh if the editors do exist return true else will return false okay so let's go back here now this user we're logged in here is part of that group so let's refresh let's go over to here and you can now see that i can delete which is all good uh so let's just go back here and change this to false for example so they are part of that group still refresh and you can now see i don't have access to delete so let's just drill down a little bit further here let's just go ahead and [Music] let's just put in a object remember ob returns true so let's just see now if we can go in and let's just log out of the user here let's just go back to the uh the normal admin area with admin i'm going to do is i'm going to set the you the group um i'm going to set the group so they can't delete so i'm not going to give those privileges to begin with so the user that the user so the group that the editors group that the user is part of i've just removed the delete permission from it so they shouldn't have delete permission on it by default so let's just save that let's just go back into uh the main area so blog admin and i'm just going to log out this user and log in as the user not the admin so i log in and you can see that hopefully by default i don't have that permission now to delete but i wonder if i turn this to true it would then provide me that permission there we go so you can see how that potentially works there obviously you need to start thinking about planning your permissions for your users and overriding them in certain occasions etc so users can be part of course of multiple groups for example um so you may need to filter differently based upon that um hopefully that was a fairly useful information you can see here that we can access all sorts of information we get the user name and so on and perform actions there so just as a final example let's go ahead and try and produce something that is kind of post delete so we want to action to happen before we actually then press the delete button maybe we want to make a yeah let's make a little kind of message so i've already gone in and uh imported from the django contrab the imported messages so i go ahead and kind of make a message so what i want to do is when the user clicks on delete an item for example any message will appear just to say oh are you sure you want to delete that for example just kind of showcasing the fact that we can uh produce something kind of pre-actually pre-deleting of an item so uh yeah let's go ahead now and just uh create a little if statement so what i want to do here is i am when i'm pressing the delete key now we're sending kind of a post request so we're going to kind of capture that uh post request so to speak and then inside of here is going to be an action so basically if we were to create if we were to kind of perform an action in this case it's going to be the delete uh selected action okay so essentially when we're going to press that delete button where we're going to create a post [Music] request um that's going to be essentially an action a delete selected action so basically we're saying once we can once we've or the system has kind of detected that or once we've requested that um request um we capture that and now we can kind of perform an action so let's go ahead and uh messages.add add a message so this is going to appear just above just below the um men just below the header so message and then we can take in the request and then messages messages dot errors i'm doing this in the dark and i've got the microphone in front of me and i can't see the keyboard and even i've used the keyboard for a good 30 years 25 years i still can't touch type okay uh so all these keyboard excuses so here we go so we've got this error here and we're going to set up so now we need to do is just to find what the error is going to say so i really hope um you are sure about this okay so we've sent we create a simple kind of message here um that's going to appear an error message in this case although it's not an error of course but we're just going to simulate an error message here um so i'm going to press save and so they do have permission to delete so let's go ahead and have a look at this okay so we're back in our admin here just refreshed let's go ahead and select delete so here we're making a post request to delete this item and that's going to be captured you can see here i've got lots of different messages here uh multiple messages uh so what's happening here essentially is that um it looks like this uh is being checked multiple times for privileges etc so um what we can do is um if we were to kind of print out the the obj object here it would print out a number of times none and then probably print out one time it would be the actual name of the post in this case so what we're going to do here is um say basically where object equals and not equals none then we're just going to print this out and that's just going to happen once it's kind of a work around here so it just prints out one um just to kind of tidy this up a little bit so let's just try this out an arrow here oh and okay so let's go back refresh and we're going to try and delete it again you can see we're just going to one message is going to appear here i really hope you're sure about this and then of course we can go ahead and delete there we go successful deleted one post um obviously that's still there so just really a bad demonstration there of how you could also kind of produce or perform actions uh before you actually then delete the item okay so key information here really is for you to start looking at these permissions start thinking about potentially utilizing these permissions um and how that potentially affects the user's permissions that we've assigned directly to the user so we saw that there are two kind of levels here of permissions we have user permissions and we also have kind of direct model permissions by the model admin so those are two kind of key areas potentially that we can utilize to help protect our data and manage the users and access to the data okay thank you very much for listening hopefully that was useful and i'll see you in the next tutorial
Info
Channel: Very Academy
Views: 7,198
Rating: undefined out of 5
Keywords: django permissions, django model permissions, ModelAdmin, django admin, django custom admin, django administration, django modeladmin, django admin interface, django admin page, django admin tools, django admin login, django model admin, django site admin, create admin django, django admin tutorial, django, django tutorial, djangotutorial, django tut, django 3, django examples, learn django, django beginners, beginners django, django framework, django 2021
Id: WVSEcfAvlfc
Channel Id: undefined
Length: 35min 0sec (2100 seconds)
Published: Thu Jan 28 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.