I'm working on a website for my neighbor, and I was almost completely done. But he added one more feature that I can't seem to wrap my head around building. The feature in itself is pretty simple, and I already have it written. He just wanted a photo gallery with albums. Each vendor on his site would have their own album.
But the problem I'm having is that he wants specific users from each vendor to be able to access the CRUD for these albums, and not anything else. If I try to do this in django admin, then the user gets access to other albums that aren't theirs. So I need to create some permissions. Can I use group permissions in django to do this, because the permissions in django are pretty general and not specific to their vendor name or any other models. I only want them to be able to access and add new items under their vendor name. Or do I need to use some other tool, and create another view?
Models.py for reference:
class Vendor(models.Model):
name = models.CharField(max_length=100)
slug = models.SlugField(max_length=200, unique=True, null=True)
website = models.CharField(max_length=256)
city = models.CharField(max_length=100)
state = models.CharField(max_length=3)
vendor_email = models.CharField(max_length=100)
images = models.ImageField(upload_to='vendor_images', blank='img/92-thumb.jpg')
description = models.TextField()
def __str__(self):
return self.name
def save(self, *args, **kwargs):
# just check if product_model or vendor.name has changed
self.slug = slugify(self.name)
super(Vendor, self).save(*args, **kwargs)
class VendorAlbum(models.Model):
vendor = models.ForeignKey(Vendor, on_delete=models.PROTECT, related_name='vendor')
title = models.CharField(max_length=70)
description = models.TextField(max_length=1024)
thumb = ProcessedImageField(upload_to='albums', processors=[ResizeToFit(800)], format='JPEG',
options={'quality': 90})
tags = models.CharField(max_length=250)
is_visible = models.BooleanField(default=True)
created = models.DateTimeField(auto_now_add=True)
modified = models.DateTimeField(auto_now_add=True)
slug = models.SlugField(max_length=50, unique=True)
def __str__(self):
return self.title
class VendorAlbumImage(models.Model):
image = ProcessedImageField(upload_to='albums', processors=[ResizeToFit(1920)], format='JPEG',
options={'quality': 70})
thumb = ProcessedImageField(upload_to='albums', processors=[ResizeToFit(800)], format='JPEG',
options={'quality': 80})
album = models.ForeignKey(VendorAlbum, on_delete=models.PROTECT)
alt = models.CharField(max_length=255, default=uuid.uuid4)
created = models.DateTimeField(auto_now_add=True)
width = models.IntegerField(default=0)
height = models.IntegerField(default=0)
slug = models.SlugField(max_length=70, default=uuid.uuid4, editable=False)
def __str__(self):
return self.alt
As you're using a dynamic item such as the albums, you should better filter inside the views only the albums related to the specific vendor before you show it in the crud templates, it won be using Django permissions but instead control from the views.