Login with specified user with specified permissions in Django.

I am trying to access the dashboard with specific users, like:

Staff user can view the dashboard content.
Superuser can access the delete, edit, view, add content in the dashboard.
Admin can edit, view, add content in the dashboard.

Not in Admin Panel.

Django has a very comprehensive and robust security infrastructure for assigning permissions to users and groups and verifying permissions to views.

Start with reading Using the Django authentication system | Django documentation | Django

I have to do integration with LDAP and assign permissions to particular groups.
I configured LDAP and integrated it with the Django login page, but now my requirement is that I have to give users permission to access add-only fields or view-only fields.
Can you please guide me?
Thank you in advance.

Are you saying that you’re using LDAP to provide both authentication (login credentials) and authorization (permissions, or in this case, group membership)?

You may need to enhance your login process to retrieve whatever additional information you need from your LDAP server, (e.g. Group membership) and have your login view update the current user with that information.

In general terms in Django, access to a view is granted to a permission. The permissions are granted to Groups. Users are made members of Groups. All the details for this are provided in that referenced documentation page.

Yes, I am trying to use LDAP to provide both authentication (login credentials) and authorization (permissions, or in this case, group membership).
I configured everything mentioned on the Admin page but am not able to configure it on the dashboard panel.

Staff user can view the dashboard content.
Superuser can access the delete, edit, view, add content in the dashboard.
Admin can edit, view, add content in the dashboard.

Can you tell me which topic helps me, specifically?

I don’t know what you mean by “dashboard panel”.

If you’re referring to a Django view that produces a page, then that documentation I’ve referenced covers it.

In Django, you need to be thinking about this in terms of the view, not the page.


In the above pic, I can perform all operations like save, edit, delete using leaf user.
(here also I restrict the user from all CRUD operations but still it shows the options.)



And in this pic, I restrict the user from all CRUD operations. The user can only view the dashboard.

Can you tell me my mistake?

No mistake.

The Django admin uses the permissions system - along with what you define in your ModelAdmin class - to restrict activity within the Admin.

For views that you write, it’s your responsibility to use that permission system to restrict those same activities.

Sorry, but I don’t understand.
Can you tell me briefly?

I’m sorry, but I don’t know what it is that you don’t understand here. Please be more specific with your question.

I made two separate dashboard html templates.

Based on who logged in, I reverse to the specific dashboard for that user type (and I’m using a class based view).

from django.contrib.auth.views import LoginView
from django.urls import reverse_lazy


class CustomLoginView(LoginView):
    template_name = 'dashboard/login.html'
    fields = '__all__'  # ignored by LoginView (a ModelForm-view attribute); harmless here
    redirect_authenticated_user = True

    def get_success_url(self):
        # Pick the landing page after a successful login:
        # superusers get the full dashboard, everyone else the restricted one.
        if self.request.user.is_superuser:
            return reverse_lazy('dashboard')
        else:
            return reverse_lazy('dashboard_b')

In this case, if the user is not a superuser (but is a staff user) it will redirect to my dashboard_b template after the user logs in.

You can also do a lot with jinja2 here:

  {% if request.user.is_superuser %}
     <!-- If it's a superuser show this heading -->
  {% else %}
     <!-- If it's not a superuser show this heading -->
  {% endif %}
            
  {% if not request.user.is_superuser %}
     <!-- If it's not a superuser display this particular link/button -->
  {% endif %}

However, that, by itself, does not prevent a non-superuser from accessing the dashboard url. It only directs them to dashboard_b as a default.

Yes, I edited the post to show how jinja2 can be used to divide everything also. It’s a bit more work, but it can provide well for separating what can be seen on the site depending on one’s account privileges.
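The check that closes the gap noted above (the redirect picks a landing page but does not keep a staff user out of the `dashboard` URL), as an added example that is not code from this thread: a framework-free model of the per-action permission test, with a constructed stand-in for Django's User and an assumed app label and model name (`dashboard`, `content`). In a real project the same `has_perm()` calls run against `request.user`, and `PermissionRequiredMixin` performs the view-level check.

```python
# Added example, not code from the thread: a framework-free model of the
# per-action permission check a Django dashboard view should make, so the
# view and the template agree. StandInUser is a constructed replacement for
# django.contrib.auth.models.User; "dashboard"/"content" are assumed names.
from dataclasses import dataclass, field

# Django's default model permissions for the assumed "content" model,
# keyed by the dashboard action each one gates.
DASHBOARD_PERMS = {
    "view": "dashboard.view_content",
    "add": "dashboard.add_content",
    "edit": "dashboard.change_content",
    "delete": "dashboard.delete_content",
}


@dataclass
class StandInUser:
    """Constructed stand-in for Django's User with the same has_perm rule:
    an active superuser holds every permission; anyone else holds only
    what their groups grant, and inactive accounts hold nothing."""
    is_authenticated: bool = True
    is_active: bool = True
    is_staff: bool = False
    is_superuser: bool = False
    group_perms: frozenset = field(default_factory=frozenset)

    def has_perm(self, perm):
        return self.is_active and (self.is_superuser or perm in self.group_perms)


ANONYMOUS = StandInUser(is_authenticated=False, is_active=False)
# Group grants matching the three roles described in the thread.
STAFF = StandInUser(is_staff=True, group_perms=frozenset({"dashboard.view_content"}))
ADMIN = StandInUser(is_staff=True, group_perms=frozenset(
    {"dashboard.view_content", "dashboard.add_content", "dashboard.change_content"}))
SUPERUSER = StandInUser(is_staff=True, is_superuser=True)


def allowed_actions(user):
    """Actions the dashboard may both show and accept for this user."""
    return {act for act, perm in DASHBOARD_PERMS.items() if user.has_perm(perm)}


def check_access(user, action):
    """Server-side gate for one action on every request to the dashboard URL,
    whatever page the login view redirected to. Mirrors the outcome of
    LoginRequiredMixin + PermissionRequiredMixin(raise_exception=True)."""
    if not user.is_authenticated:
        return "redirect_to_login"
    if action not in allowed_actions(user):
        return "forbidden"  # HTTP 403
    return "allowed"
```

Feeding `allowed_actions(request.user)` into the template context replaces the `is_superuser` branches with one flag per button, so the UI shows exactly what the view will accept.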