Skip to main content

Django Group-based roles

Project description

Django Group Role

Linters/Tests PyPI versions PyPI pyversions Django version

django-group-role aims to simplify "role based access" in django-based projects and applications. This app is build on top on contrib.auth and guardian apps.

django-group-role aims to enhance existing Group and Permission models of contrib.auth app to configure global-level access rules.

Install

First add 'django_group_role' to INSTALLED_APPS after contrib.auth and guardian and then configure the "role-definition" module:

INSTALLED_APPS = [
    ...
    "django.contrib.auth",
    ...
    "guardian",
    "django_group_role",
    ...
]

# every used role must be registered in this module
ROLES_MODULE = "myproject.roles"

Basic Setup

"Roles" are classes derived from django_group_role.roles.Role and should declare the following two attributes:

  • name: the name of the group which will be bound to this role (mandatory)
  • permissions: specify which permissions are granted to this role, it may be indicated in one of the following form:
    • a list of available permission which will be bound to this role, they must be provided using the notation '<appname>.<codename>'
    • a dict which keys can be app-names or <appname.model> (see example below)
from django_group_role import Role


class BasicRole(Role):
    name = "Base"
    abstract = True
    permissions = ["auth.view_user", "auth.view_group"]


class ExpandedRole(BasicRole):
    name = "Expanded"
    permissions = ["auth.add_user", "auth.change_user"]


class DerivedRole(BasicRole):
    name = "Derived"
    permissions = {
        'auth': {
            'user': ['view_user', 'add_user', 'delete_user']
        },
        'auth.group': ['view_group'],
    }

NOTE: to do not have the command creating a "base" group set it as abstract = True

Role inheritance

Roles can derive one-another like normal python classes, when a roles extend an other one it is not required to provide the permissions list. When extending an existing role its permissions gets merged with those defined in the base class.

NOTE: ATM multi-role inheritance is not tested, it may work but it is not guaranteed.

Database alignment

Since Role classes are not bound to database Group they must be synchronized in order to work as expected. To perform this the management command populate_roles is available. This command takes every configured role defined in ROLES_MODULE and set-up its permissions on the database, also creating the appropriate group if it does not exists yet.

See command help for further information regarding its arguments.

Signals

Upon setup each role fires two signals:

  • pre_role_setup: before the setup process starts, providing role and clear kwargs
  • post_role_setup: after the setup process ends, providing role kwargs

Use in unittest (TestCase)

For django style TestCase based testing is it possible to use the RoleEnabledTestMixin. This overrides the setUpTestData to load and create role-related data before running tests.

NOTE: ATM it is not guaranteed that loading different roles in each test may not collide, it could be released in the future.


Credits

This work was in part inspired by django-role-permissions.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django_group_role-0.7.2.tar.gz (13.7 kB view details)

Uploaded Source

Built Distribution

django_group_role-0.7.2-py3-none-any.whl (13.5 kB view details)

Uploaded Python 3

File details

Details for the file django_group_role-0.7.2.tar.gz.

File metadata

  • Download URL: django_group_role-0.7.2.tar.gz
  • Upload date:
  • Size: 13.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.12

File hashes

Hashes for django_group_role-0.7.2.tar.gz
Algorithm Hash digest
SHA256 99581e87be93f6b428585d8a6a39c4ec70e8dc9b75248fab59587aa9fe5a146f
MD5 2652de149158b87f0531ae30c2a43969
BLAKE2b-256 25db18d108ac4040c697b027e62c8a855b744b2d72d3ca52043de76c4e25ad0b

See more details on using hashes here.

File details

Details for the file django_group_role-0.7.2-py3-none-any.whl.

File metadata

File hashes

Hashes for django_group_role-0.7.2-py3-none-any.whl
Algorithm Hash digest
SHA256 cbe9f856a039e42e6fffa74594aa75e1776be96025ab39fd3218a4c0bb462586
MD5 d227ff235a5e348f82e65d31ed46e7cd
BLAKE2b-256 55eddb9fe7f5b730ca936cfce66b642649039f2655be59086953fa717cfce0b0

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page