This is a pre-production deployment of Warehouse, however changes made here WILL affect the production instance of PyPI.
Latest Version Dependencies status unknown Test status unknown Test coverage unknown
Project Description

Django authentication and authorization utilities.

Installation

pip install django-auth-utils

Supported and tested on:

  • Python: 2.7, 3.4, 3.5, PyPy
  • Django: 1.8, 1.9

Configuration

In order to use the auth_utils template tag library, add auth_utils to your INSTALLED_APPS.

Alternatively, since Django 1.9, you can add auth_utils.templatetags.auth_utils to your DjangoTemplates OPTIONS.

Usage

Permission-checking views

The ObjectPermissionRequiredMixin view combines Django’s PermissionRequiredMixin and SingleObjectMixin views, and performs the permission check against the object that was looked up.

Use it like the base classes:

from auth_utils.views import ObjectPermissionRequiredMixin


class ArticleDetail(ObjectPermissionRequiredMixin, generic.DetailView):
    model = Article
    permission_required = ['news.read_article']


class ArticleUpdate(ObjectPermissionRequiredMixin, generic.UpdateView):
    model = Article
    permission_required = ['news.change_article']

Permission-checking in templates

Load the template tag library:

{% load auth_utils %}

The perms filter allows checking object-level permissions with a convenient syntax:

{% if perm in user|perms:object %} ... {% endif %}

The object argument is optional. If omitted, the global permission is checked, similar to Django’s perms object.

Examples:

{% if 'news.read_article' in user|perms:article %}
    {{ article.text }}
{% else %}
    You do not have permission to read this article.
{% endif %}


{% if 'news.change_article' in user|perms:article %}
    <a href="...">Edit article</a>
{% endif %}

{% if 'news.delete_article' in user|perms:article %}
    <a href="...">Delete article</a>
{% endif %}

The library provides can_change and can_delete shorthands for checking Django’s default app.change_model and app.delete_model model permissions:

{% if user|can_change:article %} <a href="...">Edit</a> {% endif %}
{% if user|can_delete:article %} <a href="...">Delete</a> {% endif %}

BaseAuthorizationBackend

This base class provides all the boilerplate code necessary for a Django authentication backend to work, without performing any user authentication or permission authorization itself.

This is intended to make it easy to write custom authorization policies that only implement the backend methods they’re interested in:

from auth_utils.backends import BaseAuthorizationBackend


class ArticleEditPolicy(BaseAuthorizationBackend):
    """
    Allow authors to change and delete their own articles.
    """

    def get_user_permissions(self, user_obj, obj=None):
        is_author = isinstance(obj, Article) and article.author == user_obj
        if user_obj.is_active and is_author:
            return {'news.change_article', 'news.delete_article'}
        else:
            return set()


class GuestAccessPolicy(BaseAuthorizationBackend):
    """
    Allow anonymous users to read non-premium articles.
    """

    def get_user_permissions(self, user_obj, obj=None):
        guest_readable = isinstance(obj, Article) and not article.is_premium
        if not user_obj.is_authenticated() and guest_readable:
            return {'news.read_article'}
        else:
            return set()

Once defined, these policies can be enabled in AUTHENTICATION_BACKENDS:

AUTHENTICATION_BACKENDS = [
    'django.contrib.auth.backends.ModelBackend',

    # Custom authorization policies
    'news.auth.ArticleEditPolicy',
    'news.auth.GuestAccessPolicy',
]
Release History

Release History

0.1

This version

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

0.1rc1

History Node

TODO: Figure out how to actually get changelog content.

Changelog content for this version goes here.

Donec et mollis dolor. Praesent et diam eget libero egestas mattis sit amet vitae augue. Nam tincidunt congue enim, ut porta lorem lacinia consectetur. Donec ut libero sed arcu vehicula ultricies a non tortor. Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Show More

Download Files

Download Files

TODO: Brief introduction on what you do with files - including link to relevant help section.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
django_auth_utils-0.1-py2-none-any.whl (5.7 kB) Copy SHA256 Checksum SHA256 py2 Wheel Mar 4, 2016
django_auth_utils-0.1-py3-none-any.whl (5.7 kB) Copy SHA256 Checksum SHA256 py3 Wheel Mar 4, 2016
django-auth-utils-0.1.tar.gz (9.9 kB) Copy SHA256 Checksum SHA256 Source Mar 4, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS HPE HPE Development Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting