Django Group-based roles
Project description
Django Group Role
django-group-role
aims to simplify "role based access" in django-based projects and applications.
This app is build on top on contrib.auth
and guardian
apps.
django-group-role
aims to enhance existing Group
and Permission
models of contrib.auth
app to configure global-level access rules.
Install
First add 'django_group_role'
to INSTALLED_APPS
after contrib.auth
and guardian
and then configure the "role-definition" module:
INSTALLED_APPS = [
...
"django.contrib.auth",
...
"guardian",
"django_group_role",
...
]
# every used role must be registered in this module
ROLES_MODULE = "myproject.roles"
Basic Setup
"Roles" are classes derived from django_group_role.roles.Role
and should declare the following two attributes:
name
: the name of the group which will be bound to this role (mandatory)permissions
: specify which permissions are granted to this role, it may be indicated in one of the following form:- a list of available permission which will be bound to this role, they must be provided using the notation
'<appname>.<codename>'
- a dict which keys can be app-names or
<appname.model>
(see example below)
- a list of available permission which will be bound to this role, they must be provided using the notation
from django_group_role import Role
class BasicRole(Role):
name = "Base"
abstract = True
permissions = ["auth.view_user", "auth.view_group"]
class ExpandedRole(BasicRole):
name = "Expanded"
permissions = ["auth.add_user", "auth.change_user"]
class DerivedRole(BasicRole):
name = "Derived"
permissions = {
'auth': {
'user': ['view_user', 'add_user', 'delete_user']
},
'auth.group': ['view_group'],
}
NOTE: to do not have the command creating a "base" group set it as
abstract = True
Role inheritance
Roles can derive one-another like normal python classes, when a roles extend an other one it is not required to provide the permissions
list. When extending an existing role its permissions gets merged with those defined in the base class.
NOTE: ATM multi-role inheritance is not tested, it may work but it is not guaranteed.
Database alignment
Since Role
classes are not bound to database Group
they must be synchronized in order to work as expected. To perform this the management command populate_roles
is available. This command takes every configured role defined in ROLES_MODULE
and set-up its permissions on the database, also creating the appropriate group if it does not exists yet.
See command help for further information regarding its arguments.
Signals
Upon setup each role fires two signals:
pre_role_setup
: before the setup process starts, providingrole
andclear
kwargspost_role_setup
: after the setup process ends, providingrole
kwargs
Use in unittest (TestCase)
For django style TestCase
based testing is it possible to use the RoleEnabledTestMixin
. This overrides the setUpTestData
to load and create role-related data before running tests.
NOTE: ATM it is not guaranteed that loading different roles in each test may not collide, it could be released in the future.
Credits
This work was in part inspired by django-role-permissions.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django_group_role-0.7.2.tar.gz
.
File metadata
- Download URL: django_group_role-0.7.2.tar.gz
- Upload date:
- Size: 13.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.12
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 99581e87be93f6b428585d8a6a39c4ec70e8dc9b75248fab59587aa9fe5a146f |
|
MD5 | 2652de149158b87f0531ae30c2a43969 |
|
BLAKE2b-256 | 25db18d108ac4040c697b027e62c8a855b744b2d72d3ca52043de76c4e25ad0b |
File details
Details for the file django_group_role-0.7.2-py3-none-any.whl
.
File metadata
- Download URL: django_group_role-0.7.2-py3-none-any.whl
- Upload date:
- Size: 13.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.10.12
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | cbe9f856a039e42e6fffa74594aa75e1776be96025ab39fd3218a4c0bb462586 |
|
MD5 | d227ff235a5e348f82e65d31ed46e7cd |
|
BLAKE2b-256 | 55eddb9fe7f5b730ca936cfce66b642649039f2655be59086953fa717cfce0b0 |