Django if you like to have an admin site with little effort. If you go the Django path try Django ninja which is based on fastapi. It’s all about weighing up the pros and cons for your project.
This is was extremely helpful at getting me started with Django Guardian. However, how do we hide the object permissions button on the details page for the staff user? I find that the staff user is able to access the objection permissions page and change their own permissions for the given object which feels a bit silly
same problem here. Staff user can simply modify his guardian permissions if he got module permission on the admin panel ! That way, it is useless to make this effort. Any solution??
In the previous tutorial we could also apply object level authorization: def has_change_permission(self, request, obj=None): # user can change those movies which are released today if obj: return obj.release_date == date.today() # will return True if obj.release date is today return False what's the use of Guardian object level ?
My question doesn´t fit into this video but I recently started with your ecommerce tutorial series. Could you make an additional video on how to upload multiple images per product from a form like amazon for example does. I checked stackoverflow and YT for that but so far there is no real video for that. Thank you so much for educating us.
Hi Phil so, to confirm. A single form on a django template whereby you can upload multiple images. I presume the images for the sake of the tutorial will just be stored in a media folder? Is this what you need?
Replying one year later lol. you could make a model specific for images so like ProductImages model which has image field and product id. all you have to do is create more and more images
You have previously created REST Framework permissions and a few other permissions tutorials that were really helpful to begin with. (1) Are these object-level permissions complementary to those other types of permissions? (2) Are object-level permissions even required if we have view-level permissions?
Thank you, yes object level permissions compliment on from what we have looked at in the past. I only made the first tutorial for those who have yet seen or are familiar to permissions. Maybe I don’t fully understand your second question. Permissions are generally applied to groups or can be known as roles. We utilise these permissions to support decisions/logic/code in the views or other modules we might develop. Working at the object level we can further define permissions. Yes we can define rules or permissions in our views, using permissions creates a dynamic approach to allow working with the concept of grouping or roles that we might require in the application.
@@veryacademy I have a scenario: Lets say you are creating a Hostel Management system a Saas project... so you have different hostels with different owners... the hostels can have caretakers, matron or patron, watchman (Security personel ) and students ... all these are different players with different roles...... in addition you can have also have a rating system for a student so when he/she moves from one hostel to another he/she can be accepted or rejected based on his/her ratings.... Got it now???
As useal so well explained and extremely helpful! Thank you for these amazing lessons!
You're very welcome!
You're amazing man, thank you for such a great content you make!
Glad you enjoy it!
shall i go for django or fastapi for inventory management system
Django if you like to have an admin site with little effort. If you go the Django path try Django ninja which is based on fastapi. It’s all about weighing up the pros and cons for your project.
This is was extremely helpful at getting me started with Django Guardian.
However, how do we hide the object permissions button on the details page for the staff user? I find that the staff user is able to access the objection permissions page and change their own permissions for the given object which feels a bit silly
same problem here.
Staff user can simply modify his guardian permissions if he got module permission on the admin panel !
That way, it is useless to make this effort.
Any solution??
Did anyone find answer to this question? Nice tutorial
In the previous tutorial we could also apply object level authorization:
def has_change_permission(self, request, obj=None):
# user can change those movies which are released today
if obj:
return obj.release_date == date.today() # will return True if obj.release date is today
return False
what's the use of Guardian object level ?
My question doesn´t fit into this video but I recently started with your ecommerce tutorial series. Could you make an additional video on how to upload multiple images per product from a form like amazon for example does. I checked stackoverflow and YT for that but so far there is no real video for that. Thank you so much for educating us.
Hi Phil so, to confirm. A single form on a django template whereby you can upload multiple images. I presume the images for the sake of the tutorial will just be stored in a media folder? Is this what you need?
@@veryacademy Yes exactly. Thanks for your answer
@@phil_1234 No problem - I will make a short tutorial today or tomorrow.
@@veryacademy Wow that would be very great. Thank you so much
Replying one year later lol. you could make a model specific for images so like ProductImages model which has image field and product id. all you have to do is create more and more images
Can you integrate to a frontend app, and restrict views?
Hi Manu, permissions on views is coming up next
@@veryacademy yaaaaa 🔥😘
Thanks
No problem
You have previously created REST Framework permissions and a few other permissions tutorials that were really helpful to begin with.
(1) Are these object-level permissions complementary to those other types of permissions?
(2) Are object-level permissions even required if we have view-level permissions?
Thank you, yes object level permissions compliment on from what we have looked at in the past. I only made the first tutorial for those who have yet seen or are familiar to permissions. Maybe I don’t fully understand your second question. Permissions are generally applied to groups or can be known as roles. We utilise these permissions to support decisions/logic/code in the views or other modules we might develop. Working at the object level we can further define permissions. Yes we can define rules or permissions in our views, using permissions creates a dynamic approach to allow working with the concept of grouping or roles that we might require in the application.
Please make a project on multi tenant schema package in django
Been asked a few times, I need a scenario or requirements, give me a bit more info as to what it is you are trying to achieve
@@veryacademy I have a scenario: Lets say you are creating a Hostel Management system a Saas project... so you have different hostels with different owners... the hostels can have caretakers, matron or patron, watchman (Security personel ) and students ... all these are different players with different roles...... in addition you can have also have a rating system for a student so when he/she moves from one hostel to another he/she can be accepted or rejected based on his/her ratings.... Got it now???
After all these efforts, staff user can modify permission for himself.
Oh man!
Thank you