Bummer! This is just a preview. You need to be signed in with a Basic account to view the entire video.
Start a free Basic trial
to watch this video
Now that you know what permissions are, let's add a custom one and require them for actions on the site.
The PermissionRequiredMixin
is from Django itself, and it only checks for a certain permission. If you need to check for multiple permissions, django-braces
offers a MultiplePermissionsRequiredMixin
.
-
0:00
Instead of controlling the built in permissions.
-
0:03
I want to look at creating custom permissions and
-
0:05
applying them to users and views, because the workflows the same,
-
0:08
as far as the application, like must have this permission.
-
0:12
But creating custom permissions is the more interesting thing to do.
-
0:17
So the community member model.
-
0:20
If you remember this one has this concept of roles.
-
0:23
So right now there are four roles.
-
0:25
There's band, member, moderator or admin.
-
0:28
I think there should be a permission that community members have
-
0:33
before they can ban someone, right?
-
0:36
They should be able to ban abusive members definitely, but I might want,
-
0:39
maybe there's a trusted user who should be able to ban users but they
-
0:42
shouldn't be able to do whatever moderator abilities I give to everyone else.
-
0:46
Or maybe I wanna give ban user to both moderators and admins.
-
0:51
But moderators have one group, admins have another.
-
0:54
I don't wanna have to implement both of those in view logic.
-
0:59
So, I'm gonna create a ban member permission
-
1:02
that I can then give to whomever I need to give it to.
-
1:05
So down here in the class Meta, not there,
-
1:09
I'm gonna add a new attribute which is named permissions and
-
1:13
it's a tuple, and it's a tuple of tuples, and this tuple has two items.
-
1:20
It has ban member which is the short name, the code name.
-
1:25
And, then it has a longer name, can ban members.
-
1:31
And this longer name is what gets displayed in the admin.
-
1:34
You can make this longer.
-
1:35
You can put in whatever description you want here.
-
1:38
I try to keep it short and
-
1:38
sweet though because it's displayed in a fairly small little thing.
-
1:46
So it's not necessarily the thing that you want to make really long.
-
1:52
Okay so when you add a permission you are actually adding a thing to
-
1:56
the permissions table which means that you need a migration.
-
2:00
So let's go ahead and make this migration manage.py makemigrations for communities.
-
2:08
And you'll see that we change the meta options here.
-
2:12
So Pythonmanage.pie migrate communities.
-
2:14
Let's just migrate period, okay.
-
2:18
So now it's done that and
-
2:20
I can just run the server again to make things easier for me later on.
-
2:25
Before I go too far though,
-
2:27
I actually want to add a few handy properties up here to my community model.
-
2:33
So that I can get a list of admin and moderator uses.
-
2:36
So the first one I'm gonna add, so these are all gonna be properties.
-
2:40
So @property def admins.
-
2:43
And I'm gonna return self.members, or
-
2:47
memberships rather, .filter, where the role is equal to 3.
-
2:53
And I want to return the values list of user and I want flat to be true.
-
2:58
So this is going to return me a list of the ID's
-
3:03
of the users that are admins and then I'll make
-
3:08
another property here which will be moderators and
-
3:14
this is going to be very similar self.memberships.filter
-
3:21
role equals 2 and again user and flat.
-
3:25
So just returning a list of ID's.
-
3:29
The last one is a little bit different.
-
3:31
This one's gonna be called good members and
-
3:33
this is gonna hold all the members who are currently in good standing.
-
3:38
So self.memberships.exclude role equals 0 so
-
3:42
don't include anyone who is banned but other than that.
-
3:46
Send me back everybody.
-
3:49
Okay.
-
3:49
These could maybe should even be done as methods
-
3:55
on a custom model manager that however is outside the scope of this course.
-
3:59
And honestly it's something I bet you can all handle.
-
4:03
At this point on your own you've seen a lot of stuff you've seen how to do custom
-
4:08
managers on the user model.
-
4:10
I bet you can figure this out.
-
4:11
If not though, check the teacher's notes.
-
4:13
I'm going to link to docs on how to do custom model managers
-
4:17
with methods like this for quickly getting a query together.
-
4:21
All right so now though I'm here in the admin and I'm gonna create the moderator
-
4:27
group that I want to use some I'm gonna click add next to groups.
-
4:31
And I'm gonna create a group named moderators and if I look here in
-
4:36
the filter if I search for ban I see this, communities can ban members.
-
4:42
So that's one I want them to have.
-
4:44
So I'm just gonna hit save on that.
-
4:46
And all right, cool.
-
4:49
So, now I need to check for
-
4:51
the permission before I show any ban buttons or anything like that.
-
4:56
I'm gonna add a great big snippet of html to the template and
-
5:01
we'll talk about some of it.
-
5:03
But you should check the teachers notes, or not teacher notes, sorry, you should
-
5:05
check the workspace, the downloads, all that stuff to see what's going on here.
-
5:09
Cuz it's a large template and
-
5:11
going through it line by line is just going to take a long time.
-
5:15
So copy that.
-
5:21
Paste it into there.
-
5:23
So let's look through this.
-
5:24
It's a new card, it's called members.
-
5:28
And for
-
5:28
every member who's in the good members I'm gonna print out a link to their page.
-
5:33
So you can quickly jump and see all of their posts.
-
5:36
Then there's a new column here on the other side, and
-
5:40
if the user who's requesting this.
-
5:43
So the requesting user is an admin or
-
5:47
a moderator then we're gonna do this other stuff.
-
5:50
So if they're moderator then we're gonna show this.
-
5:53
If the user that we're currently looking at is a moderator then we're
-
5:59
gonna show this thumbs down here so that they can be downgraded to a regular user.
-
6:03
If they're not a moderator and they're not an admin, then we're going to show
-
6:08
a thumbs up icon here that will upgrade them to a status of 2.
-
6:11
So we'll promote them to being a moderator.
-
6:15
And regardless of that, the person who's looking at this
-
6:18
if they have the ban_member permission from communities and
-
6:22
perms is a little thing that gets inserted.
-
6:25
How we have, how you have user,
-
6:29
perms is another one that gets added in that same section
-
6:35
that holds all the permissions for the current user who's requesting the page.
-
6:38
So if perms.communities.ban_member exists which means they have the ban
-
6:43
member permission, then we're gonna show this ban circle icon and
-
6:48
we're gonna give them the ability to set somebody's status to 0.
-
6:52
So somebody can be banned.
-
6:54
Now you see that this is using this communities change status URL,
-
6:58
which doesn't exist yet.
-
7:00
So I need to make that exist, right.
-
7:02
View doesn't do any good or
-
7:04
sorry the buttons only good without the view to handle all that.
-
7:09
So the first thing I need to do is create the URL, and
-
7:13
this is it's a big URL, so buckle up.
-
7:18
I'm gonna do change status.
-
7:22
And then I'm gonna get a slug.
-
7:26
And so this slug is the slug of the community that the member belongs to.
-
7:34
And then I'm gonna get a user ID which is going to be one or more, the ID.
-
7:39
I should probably use username here but user id is fine.
-
7:45
And then I'm gonna get the status that they want to be changed to.
-
7:50
And this is only a single digit at this point.
-
7:52
If you end up building this and you have ten plus statuses,
-
7:56
you may want to change the status to be more than one digit.
-
8:01
Or maybe it becomes a word or something like that.
-
8:02
And this is gonna go to change status.as view,
-
8:06
which doesn't exist yet and I'm gonna name this change status.
-
8:14
All right, so capture the slug, capture the user id,
-
8:18
capture the status that we want them to become.
-
8:21
And yeah it's not the friendliest URL ever, but it's not a terrible one.
You need to sign up for Treehouse in order to download course files.
Sign up