Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

UserPassesTestMixin for currently logged in user

See original GitHub issue

I have a mixin I often need to use that is built off django.contrib.auth.mixins.UserPassesTestMixin that limits permission of the currently logged in user to only be able to change models that they own. It looks something like this:

class UserPermissionMixin(UserPassesTestMixin):
    def test_func(self):
        current_user = self.request.user
        if current_user == self.model.user:
            return True
        return False

Would this be something that I could generalize and submit a pull request for django-extensions?

Issue Analytics

State:
Created 4 years ago
Comments:8 (7 by maintainers)

Top GitHub Comments

1reaction

trbscommented, Jul 27, 2019

I don’t think we have any permissions yet in django-extensions 😃

Thinking about it, from personal experience I have a similar mixins which are copied in quite a number of projects. Others probably do the same making it a good candidate to include IMO.

What I would like to see if the ability to change the model attribute. Something like:

class UserPermissionMixin(AccessMixin):
    user_permission_model_attribute = "user"

    def get_user_permission_model_attribute(self):
        return self.user_permission_model_attribute

    def test_func(self):
        model_attr = self.get_user_permission_model_attribute()
        current_user = self.request.user
        model_user = getattr(self.model, model_attr)
        current_user = self.request.user

        if current_user == model_user:
            return True

        return False

This would allow for more flexibility. eg: you could have a class with an owner attribute. Maybe also add the ability for user_permission_model_attribute to be a relationship, such as in the case of model with something like an attendees attribute.

Also a similar class for groups would make sense 😃

Anyways, I would love to accept a PR for this. Specially if we can make the class generic and easy to use enough that it would appeal to a broad number of users.

Now the only downside to a PR right now is that it would also require some of the boilerplate for things like docs, tests (we should aim for 100% coverage for permission mixins), etc to be written since this is the first permissions extension.

0reactions

trbscommented, Oct 24, 2019

i’ll close the issue and lets finish the PR 😃

Top Results From Across the Web

Django application: UserPassesTestMixin to verify user is the ...

I'm using a class based view to show the current logged in user their posts. In order to prevent users from being able...

Django Best Practices: User permissions - LearnDjango.com

How to configure user permissions in a Django project. ... Now let's assume we want a user to be logged in before they...

Using the Django authentication system

If you have an authenticated user you want to attach to the current session - this is done with a login() function. ......

Access Mixins — django-braces 1.13.0 documentation

These mixins all control a user's access to a given view. Since many of them extend ... UserPassesTestMixin; SuperuserRequiredMixin; AnonymousRequiredMixin.

LoginRequiredMixin and UserPassesTestMixin login_url clash

to Django users. Let me describe my scenario. I got some views that I want to check two conditions before render: 1. user...