jscott1989
commented
7 years ago All permissions are now done through groups. The panel needs a little work to make the permissions more clear, and I'd like to have the permissions work in a more granular manner - but it does now work.
Permissions should be registered in a permissions.py file like:
from happening.permissions import register_permission
register_permission( "Events", "create_event", "Create an event", "Can create a new event.")
and use it as:
@require_permission("manage_events") def event_presets(request): """Administrate event presets.""" presets = EventPreset.objects.all() return render(request, "admin/event_presets.html", {"presets": presets})
or use a function
def can_see_admin(user): """Can this user view the admin panel.""" for url in admin_urls()["admin_urls"]: if not url[1] == "admin": path = reverse(url[1]) view = resolve(path).func if not hasattr(view, "has_permission") or\ view.has_permission(user): return True return False
@require_permission(func=can_see_admin) def index(request): """Admin dashboard.""" return render(request, "admin/index.html")
This also allows use of the {% linkpermission link_name %} template tag, so that content can be shown only if the user has permission to visit a certain link. This is particularly useful for showing menus where only some items should be visible.
After merging staff and admin ( #84 ) - add more granular groups and permissions so that some members may be given access to some parts of admin but not others.