Django's object permission library

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Alisue from gravatar.com Alisue Avatar for lambdalisue from gravatar.com lambdalisue

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: BSD License (BSD)

Author: Alisue

Tags django, permission, object

Classifiers

Project description

django-object-permissiono apply object permission feature to Django models

Install

sudo pip install django-object-permission

or:

sudo pip install git+git://github.com/lambdalisue/django-object-permission.git#egg=django-object-permission

How to Use

  1. Append object_permission to INSTALLED_APPS

  2. run manage.py syncdb

  3. Add modify_object_permission(mediator, created) and modify_object_permission_m2m(mediator, sender, model, pk_set, removed) to the target model at models.py

  4. Use object_permission.decorators.permission_required(parm, queryset) to filtering view or whatever

Example mini blog app

models.py:

from django.db import models
from django.contrib.auth.models import User
from object_permission.mediators import ObjectPermissionMediator as Mediator

class Entry(models.Model):
        PUB_STATES = (
                ('public', 'public entry'),
                ('protected', 'login required'),
                ('private', 'secret entry'),
        )
        pub_state = models.CharField('publish status', choices=PUB_STATES)
        title = models.CharField('title', max_length=140)
        body = models.TextField('body')
        author = models.ForeignKey(User, verbose_name='author')

        # ...

        # The method below is called every after when object is saved
        def modify_object_permission(self, mediator, created):
                # be author to manager (has `view`, `add`, `change`, `delete` permission)
                mediator.manager(self, self.author)

                if self.pub_state == 'public':
                        # be viewer (has `view` permission) login user
                        mediator.viewer(self, None)
                        # # be editor (has `view`, `change`) login user
                        # mediator.editor(self, None)
                        # be viewer anonymous user
                        mediator.viewer(self, 'anonymous')
                elif self.pub_state == 'protected':
                        mediator.viewer(self, None)
                        # reject anonymous user
                        mediator.reject(self, 'anonymous')
                else:
                        mediator.reject(self, None)
                        mediator.reject(self, 'anonymous')

        # The method below is called every after when object ManyToMany relation is updated
        def modify_object_permission_m2m(self, mediator, sender, model, pk_set, removed):
                pass

views.py:

from django.views.generic import list_detail
from django.views.generic import create_update
from object_permission.decorators import permission_required
from models import Entry

def object_list(request, *args, **kwargs):
        return list_detail.object_list(request, *args, **kwargs)

@permission_required('blog.view_entry', Entry)
def object_detail(request, object_id, *args, **kwargs):
        return list_detail.object_detail(request, object_id=object_id, *args, **kwargs)

# actually `blog.add_entry` permission is not object permission
# so you have to set permission to each user in Django's admin site or whatever
@permission_required('blog.entry_add')
def create_object(request, *args, **kwargs):
        return create_update.create_object(request, *args, **kwargs)

@permission_required('blog.change_entry', Entry)
def update_object(request, object_id, *args, **kwargs):
        return create_update.update_object(request, object_id=object_id, *args, **kwargs)

@permission_required('blog.delete_entry', Entry)
def delete_object(request, object_id, *args, **kwargs):
        return create_update.delete_object(request, object_id=object_id, *args, **kwargs)

index.html:

<html>
<head>
        <title>django-object-permission example</title>
</head>
<body>
        {% ifhsp 'blog.add_entry','blog.change_entry','blog.delete_entry' of user for object %}
        <!-- displayed only user who has `blog.add_entry` permission,
                `blog.change_entry` permision for object or
                `blog.delete_entry` permission for object -->
        <h2>Toolbox</h2>
        {% ifhsp 'blog.add_entry' of user %}
        <!-- displayed only user who has `blog.add_entry` permission -->
        <a href="{% url 'blog-entry-create' %}">Add New Entry</a>
        {% endifhsp %}
        {% if object %}
        {% ifhsp 'blog.change_entry' of user for object %}
        <!-- displayed only user who has `blog.change_entry` permission for object -->
        <a href="{% url 'blog-entry-update' object.pk %}">Change this entry</a>
        {% endifhsp %}
        {% ifhsp 'blog.delete_entry' of user for object %}
        <!-- displayed only user who has `blog.delete_entry` permission for object -->
        <a href="{% url 'blog-entry-delete' object.pk %}">Delete this entry</a>
        {% endifhsp %}
        {% endif %}
        {% endifhsp %}
</body>
</html>

Settings

OBJECT_PERMISSION_MODIFY_FUNCTION

set the name of function when object is saved for modify object permission for the object. the default value is modify_object_permission

OBJECT_PERMISSION_MODIFY_M2M_FUNCTION

set the name of function when object’s ManyToMany relation is updated for modify object permission for the object. the default value is modify_object_permission_m2m

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for Alisue from gravatar.com Alisue Avatar for lambdalisue from gravatar.com lambdalisue

Unverified details

These details have not been verified by PyPI
Project links
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: BSD License (BSD)

Author: Alisue

Tags django, permission, object

Classifiers

Release history Release notifications | RSS feed

0.5.2

0.5.1

0.5.0

0.4-3-g122b pre-release

0.4-2-g2274

0.4rc3 pre-release

0.4rc2 pre-release

0.4rc1 pre-release

0.3rc3 pre-release

0.3rc2 pre-release

0.3rc1 pre-release

0.2rc1 pre-release

0.1rc7 pre-release

0.1rc6 pre-release

0.1rc5 pre-release

0.1rc4 pre-release

This version

0.1rc3 pre-release

0.1rc2 pre-release

0.1rc1 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

django_object_permission-0.1rc3-py2.7.egg (30.8 kB view hashes)

Uploaded Source

django-object-permission-0.1rc3.linux-i686.tar.gz (20.6 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page