A python package to control permissions for django ninja.
Project description
Django Ninja Shield
A powerful and flexible permissions control package for Django Ninja. This package allows you to easily manage and combine permissions for your Django Ninja API endpoints using a clean and intuitive syntax.
Features
- 🛡️ Simple permission decorators for Django Ninja endpoints
- ⚡ Combine permissions using logical operations (AND, OR, NOT)
- 🔒 Built on top of Django's permission system
- 🚀 Type-safe with full typing support
Installation
You can install the package using pip:
pip install django-ninja-shield
Or if you're using Poetry:
poetry add django-ninja-shield
Basic Usage
Here's a simple example of how to use django-ninja-shield:
from django_ninja_shield import requires_permissions
from ninja import Router
router = Router()
@router.get("/articles")
@requires_permissions("articles.view_article")
def get_articles(request):
return {"message": "You have permission to view articles"}
Advanced Usage
Combining Permissions
You can combine multiple permissions using logical operators:
from django_ninja_shield import requires_permissions, P
router = Router()
# Using AND operator
@router.post("/articles")
@requires_permissions(P("articles.add_article") & P("articles.change_article"))
def create_article(request):
return {"message": "You have permission to create articles"}
# Using OR operator
@router.get("/dashboard")
@requires_permissions(P("admin.view_dashboard") | P("staff.view_dashboard"))
def view_dashboard(request):
return {"message": "You have permission to view the dashboard"}
# Using NOT operator
@router.get("/public")
@requires_permissions(~P("articles.is_restricted"))
def public_view(request):
return {"message": "This is a public view"}
Complex Permission Combinations
You can create complex permission rules by combining multiple operations:
from django_ninja_shield import requires_permissions, P, IsAdmin, IsUseruser, IsStaff, IsActive
@router.put("/articles/{article_id}")
@requires_permissions(
(P("articles.change_article") & P("articles.view_article")) |
IsAdmin() # or: IsStaff(), IsSuperuser, IsActive
)
def update_article(request, article_id: int):
return {"message": f"Article {article_id} updated"}
Response Format
When permission is denied, the API returns a 403 Forbidden response with the following format:
{
"detail": "Permission denied"
}
Requirements
- Python ≥ 3.10
- Django ≥ 4.0.0
License
This project is licensed under the MIT License.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file django_ninja_shield-0.0.6.tar.gz.
File metadata
- Download URL: django_ninja_shield-0.0.6.tar.gz
- Upload date:
- Size: 3.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.1 CPython/3.13.1 Linux/6.8.0-1021-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
aea821f2843c7864103c8d851d80f96404233e6c07b39550f2070f0faa7c3538
|
|
| MD5 |
66b5bbe818375f193cf38887666b54e5
|
|
| BLAKE2b-256 |
4ee3ea6e86f1484c82b066acdfbfa6da77e82687894a43c21168a9c2ef47f3ee
|
File details
Details for the file django_ninja_shield-0.0.6-py3-none-any.whl.
File metadata
- Download URL: django_ninja_shield-0.0.6-py3-none-any.whl
- Upload date:
- Size: 5.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/2.1.1 CPython/3.13.1 Linux/6.8.0-1021-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
607d49704d564f3eb13823e7c316d17bf5e625eb2c67f64b0e34c267807355b6
|
|
| MD5 |
5b69c7b8f9e2fdc8b282a8b219a9b018
|
|
| BLAKE2b-256 |
ed6c40916d845c33e1f6ffa2430af2e3e23e537cffc59d40a465a66e5adfbe48
|
