From my talk this morning at PyCon UK 2008: a very simple multiple user blog model with an admin interface configured to only allow people to edit or delete entries that they have created themselves, unless they are a super user.
[See blog post](http://paltman.com/2008/04/11/keeping-contenttypes-and-permissions-updated-without-syncdb/)
You can put this script in the root of your project and run it after deploying updates in your production environment.
Peeping middleware that replaces the active user with another one for the current HTTP request. Admin permissions are required to activate it, so you can place this snippet even on the production server. Very useful for debugging purposes. Wish it to be part of Django.

How to use: put this middleware after all other middlewares in the list. Then just add ?as_user=username or &as_user=username to the URL, where username is the name of the user whose views you want to see.
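
The gate that description depends on, as an added example that is not the snippet's own code. It is written without Django imports so it runs stand-alone: `lookup_user`, the `real_user` attribute, the sample users and the view-only (GET/HEAD) restriction are assumptions made here.

```python
import logging
from types import SimpleNamespace

log = logging.getLogger("impersonation")

class PeepingMiddleware:
    """Django-style middleware (get_response in, response out).

    lookup_user is a hypothetical hook (username -> user or None) standing in
    for a user-model lookup, so this sketch runs without Django installed.
    """

    def __init__(self, get_response, lookup_user):
        self.get_response = get_response
        self.lookup_user = lookup_user

    def __call__(self, request):
        name = request.GET.get("as_user")
        real = request.user  # set by the auth middleware that ran earlier
        if name:
            # Gate on the real, authenticated user before any swap happens.
            if not (real.is_authenticated and real.is_superuser):
                log.warning("denied as_user=%r requested by %r", name, real.username)
            elif request.method not in ("GET", "HEAD"):
                # Added restriction (assumption): look at pages, never act as the user.
                log.warning("refused %s with as_user=%r", request.method, name)
            else:
                target = self.lookup_user(name)
                if target is not None:
                    request.real_user = real  # keep the admin identity for audit
                    request.user = target
                    log.info("%r viewing as %r", real.username, target.username)
        return self.get_response(request)

# Constructed sample users and view, for demonstration only.
USERS = {
    n: SimpleNamespace(username=n, is_authenticated=True, is_superuser=(n == "admin"))
    for n in ("admin", "alice", "bob")
}

def whoami_view(request):
    return request.user.username

def demo(actor, method="GET", as_user=None):
    query = {"as_user": as_user} if as_user else {}
    request = SimpleNamespace(user=USERS[actor], method=method, GET=query)
    return PeepingMiddleware(whoami_view, USERS.get)(request)
```

Keeping the original identity on the request lets audit logs and any later permission check distinguish the administrator from the account being viewed.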
Have you ever needed to customize permissions, for example, to allow only some fields to be edited by some group of users, display some fields as read-only, and hide some completely?
The FieldLevelPermissionsAdmin class does this for the newforms-admin branch.
Not tested well yet (>100 LOC!).
You typically would like to use it this way:
```python
from django.db.models import Q  # used by queryset() below


# FieldLevelPermissionsAdmin is the class provided by this snippet.
class MyObjectAdmin(FieldLevelPermissionsAdmin):
    def can_view_field(self, request, object, field_name):
        """
        Boolean method, returning True if user allowed to view
        field with name field_name.
        user is stored in the request object,
        object is None only if object does not exist yet
        """
        ...  # your code

    def can_change_field(self, request, object, field_name):
        """
        Boolean method, returning True if user allowed to
        change field with name field_name.
        user is stored in the request object,
        object is None only if object does not exist yet
        """
        ...  # your code

    def queryset(self, request):
        """
        Method of ModelAdmin, override it if you want to change
        list of objects visible by the current user.
        """
        mgr = self.model._default_manager
        # Superusers see every object; everyone else only what they created or own.
        if request.user.is_superuser:
            return mgr.all()
        filters = Q(creator=request.user) | Q(owner=request.user)
        return mgr.filter(filters)
```
Example (in project/application/models.py):

```python
register_custom_permissions_simple((("is_editor", "User is editor"),))
```

In a view:

```python
if not request.user.has_perm('application.is_editor'):
    return HttpResponseRedirect(LoginUrl)
```