How can I manage roles?

barseghyanartur / django-fobi

Form generator/builder application for Django done right: customisable, modular, user- and developer- friendly.

https://pypi.python.org/pypi/django-fobi

484 stars 112 forks source link

How can I manage roles? #203

Closed hernanfila closed 5 years ago

hernanfila commented 5 years ago

Hi @barseghyanartur , I have one question. I don't want to bother you but maybe you could give me a hint. How can I force authenticated users only to view forms? And not to edit them ( or even create forms). Should I modify fobi code ? I tried to read django documentation but I feel that to be able to do this I should modify Fobi code.

Thank you very much

Hernan

barseghyanartur commented 5 years ago

@hernanfila:

Only you as the author of the form shall be able to edit the form. Fobi is written in such a way, that authenticated users can create forms. However, you don't need to modify entire fobi code to forbid them from creating forms. You could instead make a local package called fobi_addons and place your create view there (that one you should copy from fobi). Then in URLs you shall provide the URL to your customised create view prior including fobi views.

hernanfila commented 5 years ago

@barseghyanartur we have 1 form. We need the users to log in to access the form. Finally, we need to have 2 roles to access our form.

Roles:

Admin: Full access to django fobi / django
User: Has only view access (not editing/create/delete) to the form page we created

Form is already created and we can authenticate users with AD without problems. Now, the questions are:

We want to share the form URL with the users. When they click, we want them to login first and finally being redirected to our form. How can we achieve this?
Is possible to have these 2 roles above? If so, how can we make them?

With this two questions we think we will have most of our requirements achieved, and finally use Fobi.

Thank you!!

barseghyanartur commented 5 years ago

@hernanfila:

I'm not sure what the issue is. What you describe is standard fobi functionality. If you want a form to be only available to authenticated users, you mark it as non public (the public checkbox shall be unchecked).

hernanfila commented 5 years ago

These are steps I performed: 1) I made the form non-public. 2) I tried to access the form URL (being logged out). I got an Http 404 error:

It doesn't redirect me to the authentication page.

Thank you.

barseghyanartur commented 5 years ago

@hernanfila:

Yep. No redirect is returned. Just 404. You might want to changed it in your version (as I said, in fobi_addons) and return redirect to authentication page instead.

https://github.com/barseghyanartur/django-fobi/blob/v0.13.x/src/fobi/views.py#L2189

barseghyanartur commented 5 years ago

@hernanfila:

Solved?

hernanfila commented 5 years ago

Instead of replacing the error to the redirection, I put the decorator "login_required" above view_form_entry function. It worked. Thank you!