Error when trying to assign target to group as non-admin user #1538

@max-uni-hd

Describe the bug
When a non-admin user (in our case: a user that has registered through tom-registration and has been approved by an admin) creates a target group and tries to add a target to that group, the following error message appears:

Image

To Reproduce
Steps to reproduce the behavior:

  1. Login as non-admin user
  2. Create a target group (go to /targets/targetgrouping/, click "create new grouping", fill out the form, etc.)
  3. Go to /targets
  4. Select n target(s), make sure target group is selected and click "add"
  5. You see a success message that says 0 targets were added and a message about permissions and app_label mismatches

Expected behavior

  • if the user does not have the permissions to add targets to a group, a message saying "permission denied" should appear
  • if the user has the permission, the targets should be added to the group and a success message should appear.

Screenshots
Image

Desktop (please complete the following information):

  • OS: MacOS
  • Browser: Firefox
  • Version [e.g. 22]: Firefox 150.0
  • Python Version: Python 3.11.15

Additional context

  • we are using a custom target model that extends BaseTarget
  • I have looked at the code that produces the error message; seems to be here https://github.com/django-guardian/django-guardian/blob/main/guardian/backends.py#L107.
    Guardian compares app_labels and these do not match, so this seems to be the cause of the error. I don't know if we can just "change" the app_label in our Meta class in our custom model to be the same as BaseTarget or if that has some negative consequences. As a fallback, guardian compares the app_label of the content type and allows providing a custom function for fetching the content type via guardian_settings.GET_CONTENT_TYPE. I did try this with the following approach and it got rid of the error message and now just displays "Failed to add target with id=foo to group 'foo'; Permission denied. "

```python
from django.contrib.contenttypes.models import ContentType
from tom_targets.base_models import BaseTarget
# GalacticTarget is the custom target model; import it from your own app.

def get_content_type(obj):
    # Resolve custom targets to the content type of their BaseTarget row.
    if type(obj) is GalacticTarget:
        base_target_instance = BaseTarget.objects.get(pk=obj.id)
        return ContentType.objects.get_for_model(base_target_instance)
    return ContentType.objects.get_for_model(obj)
```

But I don't know if that is a good idea.

  • in general, in our current setup regular users don't seem to be allowed to add targets to groups unless they have created the group and have the change_target permission for the target. We don't add that permission for groups in our ingest scripts, so I think no user has that permission for these targets, and this will always fail. If a target is created through the UI and permission is set to public, regular users seem to be able to add these targets to their own groups. But other users can only add these targets to their own groups if (I think) the user that created the target is in the same group as the one who wants to add it to their group.
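
The app_label comparison and content-type fallback described in this report, as a simplified stand-alone model (an added example, not code from the issue, TOM Toolkit or django-guardian). The classes, the `check` function, the `custom_targets` app label and the grant tuples are constructed for illustration and assume object permissions are looked up by the resolved content type.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ContentType:  # stand-in for Django's ContentType
    app_label: str
    model: str


@dataclass
class Obj:  # stand-in for a model instance
    app_label: str  # what obj._meta.app_label would report
    model: str
    pk: int


def default_get_content_type(obj):
    return ContentType(obj.app_label, obj.model)


def base_target_content_type(obj):
    # Same idea as the override in the report: the custom target
    # resolves to the content type of BaseTarget.
    if obj.model == "galactictarget":
        return ContentType("tom_targets", "basetarget")
    return default_get_content_type(obj)


def check(perm, obj, granted, get_content_type=default_get_content_type):
    """Return 'app_label mismatch', 'denied' or 'granted' for one check."""
    app_label, codename = perm.split(".", 1)
    ctype = get_content_type(obj)
    # First compare with the object's own app_label, then fall back to
    # the app_label of whatever content type the hook returns.
    if app_label != obj.app_label and app_label != ctype.app_label:
        return "app_label mismatch"
    # Past the label check, only an explicit object-level grant decides.
    return "granted" if (ctype, codename, obj.pk) in granted else "denied"


# Constructed sample data: a custom target living in its own app.
target = Obj(app_label="custom_targets", model="galactictarget", pk=1)
PERM = "tom_targets.change_target"
GRANT = {(ContentType("tom_targets", "basetarget"), "change_target", 1)}

if __name__ == "__main__":
    print(check(PERM, target, set()))                              # default hook
    print(check(PERM, target, set(), base_target_content_type))    # hook, no grant
    print(check(PERM, target, GRANT, base_target_content_type))    # hook and grant
```

In this model the override only removes the label mismatch; the check still ends in a denial until the user holds an object-level grant recorded under the content type the hook returns.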

Labels

UserIssue (Raised by a user), bug (Something isn't working)

Projects

Status

Staged
