django-permission AuthorPermissionLogic not working in function based view


I am using django-permission on a simple test app (almost identical to the example used in the docs) to try to figure out how it works. I have read the documentation and tried to use the example app provided on this link.

The issue is that the author of an article is not able to edit/delete the article.

The user in question has been granted all permissions in the admin section.

Key code listed below - any help much appreciated

test_app/models.py

from django.contrib.auth.models import User
from django.db import models


class Article(models.Model):
    created_by = models.ForeignKey(User)
    created = models.DateField(auto_now_add=True)
    modified = models.DateField(auto_now=True)
    title = models.CharField(max_length=100)
    content = models.TextField()

    class Meta:
        app_label = 'test_app'


from permission import add_permission_logic
from permission.logics import AuthorPermissionLogic

# Register the object-level logic: the user in created_by may change/delete.
add_permission_logic(Article, AuthorPermissionLogic(
    field_name='created_by',
    any_permission=False,
    change_permission=True,
    delete_permission=True,
))

test_app/views.py

from django.http import Http404, HttpResponseRedirect
from django.shortcuts import render
from permission.decorators import permission_required

from . import forms, models


@permission_required('change_article')
def change_article(request, *args, **kwargs):
    pk = kwargs.pop('pk')
    template = 'test_app/edit.html'
    article = models.Article.objects.get(id=pk)

    if request.method == 'POST':
        form = forms.Article_form(request.POST, instance=article)

        if form.is_valid():
            article = form.save(commit=False)

            article.created_by = request.user
            article.title = form.cleaned_data['title']
            article.content = form.cleaned_data['content']

            article.save()

            return HttpResponseRedirect('/test/')

        else:
            raise Http404

    else:
        form = forms.Article_form(instance=article)

        return render(request, template_name=template, context={'form': form})

test_app/perms.py

from permission.logics import AuthorPermissionLogic

PERMISSION_LOGICS = (
    ('test_app.Article', AuthorPermissionLogic()),
)

EDIT

In the end there is a longer discussion on the project GitHub page available on this link.

While the objective of the question was resolved - it turns out that the function itself is a bit of a legacy function that is prone to unexpected behavior. The advice of the project owner is to use class based views rather than function based views.


Solution

  • I don't really get what

    The user in question has been granted all permissions in the admin section.

    means (not sure what "admin section" is) but

    1. You don't need perms.py since you already add a permission logic in your models.py.

    2. You need to use test_app.change_article instead (<app_label>.<perm>_<model_name>).

    By the way, since you don't need perms.py it doesn't matter, but the instance of AuthorPermissionLogic in perms.py is not properly configured, since you haven't specified field_name there (the default value of field_name is 'author' if you don't specify it). https://github.com/lambdalisue/django-permission/blob/master/src/permission/conf.py#L24
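
The two points in the answer above (the full `<app_label>.<perm>_<model_name>` permission string, and the `field_name` default of `'author'`), as an added example that is not part of the original post and is not django-permission's own code. `AuthorLogic`, `check` and the sample `ARTICLE` are hypothetical stand-ins written for this illustration, and treating a missing author field as a denial is an assumption of the stand-in.

```python
from types import SimpleNamespace


class AuthorLogic:
    """Simplified stand-in for an author-based permission logic."""

    def __init__(self, app_label, model_name, field_name="author",
                 change_permission=True, delete_permission=True):
        self.app_label = app_label
        self.model_name = model_name
        self.field_name = field_name
        self.enabled = {"change": change_permission,
                        "delete": delete_permission}

    def full_name(self, action):
        # Permission strings have the form <app_label>.<perm>_<model_name>.
        return f"{self.app_label}.{action}_{self.model_name}"

    def has_perm(self, user, perm, obj):
        # Stand-in behaviour: if the object has no such field, nobody is
        # treated as its author and the check denies.
        if getattr(obj, self.field_name, None) != user:
            return False
        return any(on and perm == self.full_name(action)
                   for action, on in self.enabled.items())


# Constructed sample object with the question's field name.
ARTICLE = SimpleNamespace(created_by="alice", title="Hello")


def check(user, perm, field_name="author"):
    logic = AuthorLogic("test_app", "article", field_name=field_name)
    return logic.has_perm(user, perm, ARTICLE)


if __name__ == "__main__":
    for user, perm, field in [
        ("alice", "change_article", "created_by"),           # short name
        ("alice", "test_app.change_article", "created_by"),  # full name
        ("alice", "test_app.change_article", "author"),      # default field
        ("bob", "test_app.change_article", "created_by"),    # not the author
    ]:
        print(f"{user:5} {perm:24} {field:10} -> {check(user, perm, field)}")
```

Only the second row grants access: the short name never matches the full permission string, and the default field name does not exist on the article.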