Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Preview
Start a free Courses trial
to watch this video
Now that you know what permissions are, let's add a custom one and require them for actions on the site.
The PermissionRequiredMixin is from Django itself, and it only checks for a certain permission. If you need to check for multiple permissions, django-braces offers a MultiplePermissionsRequiredMixin.
Instead of controlling
the built in permissions.
0:00
I want to look at creating
custom permissions and
0:03
applying them to users and views,
because the workflows the same,
0:05
as far as the application,
like must have this permission.
0:08
But creating custom permissions is
the more interesting thing to do.
0:12
So the community member model.
0:17
If you remember this one
has this concept of roles.
0:20
So right now there are four roles.
0:23
There's band, member, moderator or admin.
0:25
I think there should be a permission
that community members have
0:28
before they can ban someone, right?
0:33
They should be able to ban abusive
members definitely, but I might want,
0:36
maybe there's a trusted user who
should be able to ban users but they
0:39
shouldn't be able to do whatever moderator
abilities I give to everyone else.
0:42
Or maybe I wanna give ban user
to both moderators and admins.
0:46
But moderators have one group,
admins have another.
0:51
I don't wanna have to implement
both of those in view logic.
0:54
So, I'm gonna create
a ban member permission
0:59
that I can then give to
whomever I need to give it to.
1:02
So down here in the class Meta, not there,
1:05
I'm gonna add a new attribute
which is named permissions and
1:09
it's a tuple, and it's a tuple of tuples,
and this tuple has two items.
1:13
It has ban member which is the short name,
the code name.
1:20
And, then it has a longer name,
can ban members.
1:25
And this longer name is what
gets displayed in the admin.
1:31
You can make this longer.
1:34
You can put in whatever
description you want here.
1:35
I try to keep it short and
1:38
sweet though because it's displayed
in a fairly small little thing.
1:38
So it's not necessarily the thing
that you want to make really long.
1:46
Okay so when you add a permission
you are actually adding a thing to
1:52
the permissions table which
means that you need a migration.
1:56
So let's go ahead and make this migration
manage.py makemigrations for communities.
2:00
And you'll see that we change
the meta options here.
2:08
So Pythonmanage.pie migrate communities.
2:12
Let's just migrate period, okay.
2:14
So now it's done that and
2:18
I can just run the server again to
make things easier for me later on.
2:20
Before I go too far though,
2:25
I actually want to add a few handy
properties up here to my community model.
2:27
So that I can get a list of admin and
moderator uses.
2:33
So the first one I'm gonna add, so
these are all gonna be properties.
2:36
So @property def admins.
2:40
And I'm gonna return self.members, or
2:43
memberships rather, .filter,
where the role is equal to 3.
2:47
And I want to return the values list
of user and I want flat to be true.
2:53
So this is going to return
me a list of the ID's
2:58
of the users that are admins and
then I'll make
3:03
another property here which
will be moderators and
3:08
this is going to be very
similar self.memberships.filter
3:14
role equals 2 and again user and flat.
3:21
So just returning a list of ID's.
3:25
The last one is a little bit different.
3:29
This one's gonna be
called good members and
3:31
this is gonna hold all the members
who are currently in good standing.
3:33
So self.memberships.exclude
role equals 0 so
3:38
don't include anyone who is banned but
other than that.
3:42
Send me back everybody.
3:46
Okay.
3:49
These could maybe should
even be done as methods
3:49
on a custom model manager that however
is outside the scope of this course.
3:55
And honestly it's something
I bet you can all handle.
3:59
At this point on your own you've seen a
lot of stuff you've seen how to do custom
4:03
managers on the user model.
4:08
I bet you can figure this out.
4:10
If not though, check the teacher's notes.
4:11
I'm going to link to docs on
how to do custom model managers
4:13
with methods like this for
quickly getting a query together.
4:17
All right so now though I'm here in the
admin and I'm gonna create the moderator
4:21
group that I want to use some I'm
gonna click add next to groups.
4:27
And I'm gonna create a group named
moderators and if I look here in
4:31
the filter if I search for ban I see this,
communities can ban members.
4:36
So that's one I want them to have.
4:42
So I'm just gonna hit save on that.
4:44
And all right, cool.
4:46
So, now I need to check for
4:49
the permission before I show any
ban buttons or anything like that.
4:51
I'm gonna add a great big snippet
of html to the template and
4:56
we'll talk about some of it.
5:01
But you should check the teachers notes,
or not teacher notes, sorry, you should
5:03
check the workspace, the downloads, all
that stuff to see what's going on here.
5:05
Cuz it's a large template and
5:09
going through it line by line is
just going to take a long time.
5:11
So copy that.
5:15
Paste it into there.
5:21
So let's look through this.
5:23
It's a new card, it's called members.
5:24
And for
5:28
every member who's in the good members
I'm gonna print out a link to their page.
5:28
So you can quickly jump and
see all of their posts.
5:33
Then there's a new column
here on the other side, and
5:36
if the user who's requesting this.
5:40
So the requesting user is an admin or
5:43
a moderator then we're
gonna do this other stuff.
5:47
So if they're moderator
then we're gonna show this.
5:50
If the user that we're currently
looking at is a moderator then we're
5:53
gonna show this thumbs down here so that
they can be downgraded to a regular user.
5:59
If they're not a moderator and they're
not an admin, then we're going to show
6:03
a thumbs up icon here that will
upgrade them to a status of 2.
6:08
So we'll promote them
to being a moderator.
6:11
And regardless of that,
the person who's looking at this
6:15
if they have the ban_member
permission from communities and
6:18
perms is a little thing
that gets inserted.
6:22
How we have, how you have user,
6:25
perms is another one that gets
added in that same section
6:29
that holds all the permissions for the
current user who's requesting the page.
6:35
So if perms.communities.ban_member
exists which means they have the ban
6:38
member permission, then we're gonna
show this ban circle icon and
6:43
we're gonna give them the ability
to set somebody's status to 0.
6:48
So somebody can be banned.
6:52
Now you see that this is using this
communities change status URL,
6:54
which doesn't exist yet.
6:58
So I need to make that exist, right.
7:00
View doesn't do any good or
7:02
sorry the buttons only good without
the view to handle all that.
7:04
So the first thing I need to
do is create the URL, and
7:09
this is it's a big URL, so buckle up.
7:13
I'm gonna do change status.
7:18
And then I'm gonna get a slug.
7:22
And so this slug is the slug of
the community that the member belongs to.
7:26
And then I'm gonna get a user ID which
is going to be one or more, the ID.
7:34
I should probably use username here but
user id is fine.
7:39
And then I'm gonna get the status
that they want to be changed to.
7:45
And this is only a single
digit at this point.
7:50
If you end up building this and
you have ten plus statuses,
7:52
you may want to change the status
to be more than one digit.
7:56
Or maybe it becomes a word or
something like that.
8:01
And this is gonna go to
change status.as view,
8:02
which doesn't exist yet and
I'm gonna name this change status.
8:06
All right, so capture the slug,
capture the user id,
8:14
capture the status that
we want them to become.
8:18
And yeah it's not the friendliest URL
ever, but it's not a terrible one.
8:21
You need to sign up for Treehouse in order to download course files.
Sign up