search

vintasoftware / django-role-permissions

A django app for role based permissions.
http://django-role-permissions.readthedocs.org/
MIT License
730 stars 115 forks source link

Add an admin widget to manage Roles #66

Open kavdev opened 7 years ago

kavdev commented 7 years ago

I'm not sure this is even possible, but it would be pretty cool to have some sort of admin UI for adding and removing roles and permissions

filipeximenes commented 7 years ago

So something more customized than the default Django widget for groups and permissions, right? Do you have some ideas on how this would look?

kavdev commented 7 years ago

Exactly. The normal Django widget operates outside of the constraints (and get_or_create handiness) offered by django-role-permissions. I have no idea how to go about this yet or how it would look; it's something on my list to research.

Essentially, it would just need to have some way to call assign_role(), remove_role(), and clear_roles() with an input for the desired role.

gehaxelt commented 7 years ago

Hi, I just discovered this module and would love to see some kind of widget for the django admin backend, too.

Especially, because the permission names do not seem to get translated and/or displayed in the default permissions form: permissions

That makes assigning the right permissions a bit hard ;)

Best

powderflask commented 7 years ago

I have some code to potentially contribute that makes django-role-permissions play more nicely with the admin. In the spirit of the module, it simply piggybacks on the existing django user admin group selector. It has 3 components:

  1. a UserAdminMixin class (utilized by an optional custom UserAdmin class) that overrides save_related() to update the user's roles to match the groups selected in the admin. In this way, changes made to the user's Groups via the admin are immediately reflected in the Roles.
  2. a management command, sync_roles, that can be run after changing the project's roles.py to create a Group for any new Roles (so the group is available via the admin), and re-assign roles to all users so any changes to the roles definitions are immediately reflected in user groups / permissions.
  3. default names for each permission -- as requested in #46 and #71 -- so the permission name appears in the admin.

I'm interested in contributing this code, but hoping for some feedback on whether these features are a sensible way to approach the problem -- they work for my use-case™, but I may be missing a bigger picture.

kavdev commented 7 years ago

@powderflask 1) sounds good! I'd suggest naming it RoleManagementMixin or something

2) here's our approach:

from django.contrib.auth import get_user_model
from django.core.management.base import BaseCommand
from rolepermissions.roles import get_user_roles, clear_roles, assign_role

class Command(BaseCommand):

    help = "Sychronizes user Roles with the current available_permissions set in code."
    version = "1.0.0"

    def get_version(self):
        return self.version

    def handle(self, *args, **options):
        """For each user, grab their assigned roles, clear their roles, and then reassign them."""
        for user in get_user_model().objects.all():
            roles = get_user_roles(user=user)
            clear_roles(user=user)

            for role in roles:
                assign_role(user=user, role=role)

3) solid

filipeximenes commented 7 years ago

Hey, let's focus discussion on the PR (https://github.com/vintasoftware/django-role-permissions/pull/72/files) to avoid confusion :)

@kavdev I just made some comments in the PR, would appreciate your contribuitions there as well!