Django's object permission library
Project description
django-object-permissiono apply object permission feature to Django models
Install
sudo pip install django-object-permission
or:
sudo pip install git+git://github.com/lambdalisue/django-object-permission.git#egg=django-object-permission
How to Use
Append object_permission to INSTALLED_APPS
run manage.py syncdb
Add modify_object_permission(mediator, created) and modify_object_permission_m2m(mediator, sender, model, pk_set, removed) to the target model at models.py
Use object_permission.decorators.permission_required(parm, queryset) to filtering view or whatever
Example mini blog app
models.py:
from django.db import models
from django.contrib.auth.models import User
from object_permission.mediators import ObjectPermissionMediator as Mediator
class Entry(models.Model):
PUB_STATES = (
('public', 'public entry'),
('protected', 'login required'),
('private', 'secret entry'),
)
pub_state = models.CharField('publish status', choices=PUB_STATES)
title = models.CharField('title', max_length=140)
body = models.TextField('body')
author = models.ForeignKey(User, verbose_name='author')
# ...
# The method below is called every after when object is saved
def modify_object_permission(self, mediator, created):
# be author to manager (has `view`, `add`, `change`, `delete` permission)
mediator.manager(self, self.author)
if self.pub_state == 'public':
# be viewer (has `view` permission) login user
mediator.viewer(self, None)
# # be editor (has `view`, `change`) login user
# mediator.editor(self, None)
# be viewer anonymous user
mediator.viewer(self, 'anonymous')
elif self.pub_state == 'protected':
mediator.viewer(self, None)
# reject anonymous user
mediator.reject(self, 'anonymous')
else:
mediator.reject(self, None)
mediator.reject(self, 'anonymous')
# The method below is called every after when object ManyToMany relation is updated
def modify_object_permission_m2m(self, mediator, sender, model, pk_set, removed):
pass
views.py:
from django.views.generic import list_detail
from django.views.generic import create_update
from object_permission.decorators import permission_required
from models import Entry
def object_list(request, *args, **kwargs):
return list_detail.object_list(request, *args, **kwargs)
@permission_required('blog.view_entry', Entry)
def object_detail(request, object_id, *args, **kwargs):
return list_detail.object_detail(request, object_id=object_id, *args, **kwargs)
# actually `blog.add_entry` permission is not object permission
# so you have to set permission to each user in Django's admin site or whatever
@permission_required('blog.entry_add')
def create_object(request, *args, **kwargs):
return create_update.create_object(request, *args, **kwargs)
@permission_required('blog.change_entry', Entry)
def update_object(request, object_id, *args, **kwargs):
return create_update.update_object(request, object_id=object_id, *args, **kwargs)
@permission_required('blog.delete_entry', Entry)
def delete_object(request, object_id, *args, **kwargs):
return create_update.delete_object(request, object_id=object_id, *args, **kwargs)
index.html:
{% load object_permission_tags %}
<html>
<head>
<title>django-object-permission example</title>
</head>
<body>
{% if 'blog.add_entry' of None or 'blog.change_entry' of object or 'blog.delete_entry' of object %}
<!-- displayed only user who has `blog.add_entry` permission,
`blog.change_entry` permision for object or
`blog.delete_entry` permission for object -->
<h2>Toolbox</h2>
{% if 'blog.add_entry' of object %}
<!-- displayed only user who has `blog.add_entry` permission -->
<a href="{% url 'blog-entry-create' %}">Add New Entry</a>
{% endif %}
{% if object and 'blog.change_entry' of object %}
<!-- displayed only user who has `blog.change_entry` permission for object -->
<a href="{% url 'blog-entry-update' object.pk %}">Change this entry</a>
{% endif %}
{% if object and 'blog.delete_entry' of object %}
<!-- displayed only user who has `blog.delete_entry` permission for object -->
<a href="{% url 'blog-entry-delete' object.pk %}">Delete this entry</a>
{% endif%}
{% endif %}
</body>
</html>
Settings
- OBJECT_PERMISSION_MODIFY_FUNCTION
set the name of function when object is saved for modify object permission for the object. the default value is modify_object_permission
- OBJECT_PERMISSION_MODIFY_M2M_FUNCTION
set the name of function when object’s ManyToMany relation is updated for modify object permission for the object. the default value is modify_object_permission_m2m
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file django-object-permission-0.1rc4.tar.gz.
File metadata
- Download URL: django-object-permission-0.1rc4.tar.gz
- Upload date:
- Size: 10.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9e6939a970188f88fcf29b02a56c25445ea2557baa712c37ea827bb3cb17c31d
|
|
| MD5 |
35462bea5fe16c44ac41c4073bc01954
|
|
| BLAKE2b-256 |
c923753647c43b599a72f9db183e8ebbae4798361670f5349497b4b56d19ec02
|
File details
Details for the file django_object_permission-0.1rc4-py2.7.egg.
File metadata
- Download URL: django_object_permission-0.1rc4-py2.7.egg
- Upload date:
- Size: 30.9 kB
- Tags: Egg
- Uploaded using Trusted Publishing? No
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7a128d041f051573502a912e34f60cda3bc4e0b799fe5e7f5dc9660395f53fa1
|
|
| MD5 |
1dc6fe7b22111e2c53053f4f046c8197
|
|
| BLAKE2b-256 |
4faade3537c5fcca64252ef2fcbe4d5cb64dcbc1388d77d74ac85bbdb576b304
|
