In the Django admin screen for displaying lists of users (with the header, Select user to change), there are the fields username/email, etc and staff_status. I would like to add the user's active status to that display.
Although most of the django-admin customization questions seem to involve extending the admin model - since this field already exists, I would think it only requires changing a template. However, I have looked at all the templates under admin and edit-inline, and if it's one of those, I can't tell. :)
So how do I add active status to the user-list display? A template change, and if so, which one? Note - I'm currently using Django 1.2, not the latest development version.
It's in http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/admin.py:
class UserAdmin,
Add it to list_display (see django doc):
list_display = ('username', 'email', 'first_name', 'last_name', 'is_staff',
'is_active')
Try this (Worked for me)-
from django.contrib.auth.admin import UserAdmin
UserAdmin.list_display = (....,'is_active')
Related
I have a rails app and within I have User model. I added admin:boolean column to user table and :default => false.
Now I would like to create a call center panel on the system to be able to handle user requests by phone etc. I am wondering should I create another table like user or is it ok to add a boolean field to user table.
I know I can handle it with adding column. I will add a namespace as call_center to controller, routes etc. but my question is, which option is the most effective and sustainable one?
The way I've seen this handled is exactly as you describe, with a boolean (is admin true) or with a number in cases where there are more than two user types. Wordpress, forum software, Mediawiki, etc. need to allow for several user types which have varying degrees of access.
This is typically done the way you've done it, by adding a column to the user table that holds this number. For example, admins could be 0, moderators 1, regular users 2, etc. The number doesn't matter as long as your system makes sense to you. With your boolean, you can easily check to see if a user is an admin or not, and thus enable the admin to do things other users cannot. In doing so, you simply have to set this column up so the default is false, so when new users sign up they are not put in as admins. In short, I don't think you need another table.
I have a question concerning Rails security. Let's say we have User model, and it has many boolean values for roles, such as admin, director, and so on.
An Admin will definitely want to edit these values on forms, so we'll want to use attr_accessible to let the admin user do this.
Of course, other uses will be able to edit their User model as well - either editing their profile, or when they invite/add new users to the system themselves. In the case of director's, we actually want them to set roles that are "lesser" than director, but we don't want him to be able to set director or admin
Since we expose these controllers that modify users, wouldn't attr_accessible allow director and admin to be set in this case? This sounds like a very big security hole.
So what is the best way to restrict access?
Set each parameter, one at a time?
Set admin = false and director = false on the create/update actions? The simplest solution, but kind of nasty to have this in the controller.
Use an if statement to see if that user role can edit those attributes and allow it?
Use rails callbacks?, such as before_validation or before_save?
Some other declarative solution?
Thanks
The upcoming release of Rails 3.1 (there is a release candidate out at the moment) has a new option to attr_accessible that will allow you to define a role that can override it at the controller level by passing without_protection => true.
You can read more about it here: http://www.enlightsolutions.com/articles/whats-new-in-edge-scoped-mass-assignment-in-rails-3-1
And the section about attr_accessible in the rails security guide here: http://edgeguides.rubyonrails.org/security.html#countermeasures
One of these may be of help:
https://github.com/dmitry/attr_accessible_block
https://github.com/thefrontiergroup/scoped_attr_accessible
... allowing you to use role based conditions to determine what attributes can be set.
I'm using the Typus Admin UI for a Ruby on Rails project and it's great.
I was wondering if there's a way to customize it to do the following:
There is a database column named "account_type" which is an integer.
Some non-technical admins use the Admin site and aren't aware of
the integer to description mappings (e.g. 0 = START, 200 = READY, 400 = PENDING).
So I'd like to create a drop down box ( tag) whose values shows
START, READY, PENDING. And when the form is submitted the "account_type" field
is correctly changed to (0, 200, or 400).
Does anyone know if this is possible with Typus and how to do it?
The solution was documented here:
https://github.com/fesplugas/typus/wiki/customization-user-interface
I learned that views for the admin can be overrided by creating directories with the model name in the app/views/admin . So to override views for a "Book" class you can
Run "rails generate typus:views"
create the directory app/views/admin/books
copy files from app/views/admin/resources to the app/views/admin/books directory
change files as needed (I changed the _form.html.erb)
I would like to allow users to write comments on a site. If they are registered users their username is displayed with the comment, otherwise allow them to type in a name which is displayed instead.
I was going to create a default anonymous user in the database and link every non-registered comment to that user. Would there be a better way to do it?
Any advice appreciated.
Thanks.
The problem with creating an anonymous user is then you need to check if a comment was made by a "real" user, or an anonymous one when displaying the name, so that introduces complexity. Plus, if you have a way of viewing their profile page, which may include posting history, you'd need to exclude the anonymous user with an exception.
Generally it's better to have a column on your comments which represents the user's visible name, and just show that if provided, or the registered user's name otherwise. For instance, your view helper might look like this:
class Comment < ActiveRecord::Base
belongs_to :user
def user_name
self.anonymous_name or (self.user and self.user.name) or 'Anonymous'
end
end
This will display the contents of the anonymous_name field of the Comment record, or the user's name if a user is assigned, or 'Anonymous' as a last-ditch effort to show something.
Sometimes it's advantageous to actually de-normalize a lot of the database when dealing with large numbers of comments so you don't have to load in the user table via a join simply to display a name. Populating this field with the user's name, even if they're not anonymous, may help with this, though it does mean these values need to be updated when a username changes, presuming that's even possible.
I think you can make user_id on your comment model nullable since you want to allow non registered users to add comments as well. As far as adding names for the non registered users are concerned, there are two options for that
option 1. Add a column on Comment model and name it like anonymous_user where you will store names of non registered users
option 2. Create a another model AnonymousCommentor with name and comment_id attributes.
If you are going to use anonymous users for other things as well apart from comment in your application then you can make it polymorphic and use a suitable name like AnonymousUser instead of AnonymousCommentor
I have just started Rails and have a basic question.
I need to add customer properties(like email id etc) so that the Rails app can read them at runtime. How can I do this ?
Can I add them to development.rb and if so how can I read it ?
In java I would have created a properties file and read it from my app.
thank you,
firemonkey
Are you trying to do store and load configuration settings?
It's easy to store configuration settings in a yaml file and load them with initializers - loads better than littering your environment files.
This Railscast: http://railscasts.com/episodes/85-yaml-configuration-file shows you how.
I'm not sure exactly what you are asking. I'm guessing you want an initial set of data in the database that you can access when you actually run the app? If that is so check out this other SO question How (and whether) to populate rails application with initial data
It's a little unclear exactly what you're trying to do, but it sounds like maybe you have a model called Customer and you would like to add some attributes to it, such as email address, id, and so on?
Basically, with Active Record you don't need to do anything special to add a simple attribute (like a string or an integer). Just add a field called "email_address" to your customers table in the database, and all of your Customer objects will automagically get "email_address" and "email_address=" methods (not to mention the Customer class itself getting "find_by_email_address" and other useful methods as well). If you are adding a field containing another model, it's a bit more complicated - add a "something_id" field to the table, and an association to the class definition (eg, "has_one :something"). For more information, see the ActiveRecord api documentation.
You don't have to use any particular means to add the field to your database, but you might want to consider Migrations. Migrations are a convenient way to keep your schema versioned and synchronized across multiple machines.
If you are building your model right now, there's a short cut built in to the generator to add fields. Instead of just saying...
script/generate scaffold customer
...you can say...
script/generate scaffold customer email:string name:string badge_number:integer
...and it will generate all the appropriate fields in your migration, as well as adding them to your generated views.