Reusable Django app to add privacy settings to fields and/or objects.
This is a generic app for assigning privacy related settings to whole objects or to single fields.
If you add e.g. user profiles to your app, you might want to let the users decide where and how to publish their content. Some might want to hide everything from public, some might want to show private updates to friends or colleagues only.
We define clearance levels to allow access or not. The lowest level is the least secure. E.g.:
- Level 1: Everyone can see the content.
- Level 2: Only connected users can see the content.
- Level 3: Only the user herself can see the content.
This app provides the backend for custom functions to (not) display content.
You need at least the following packages in your virtualenv:
- Django >= 1.5
- django-hvad >= 0.3
- django-libs >= 1.27.1
To get the latest stable release from PyPi:
$ pip install django-privacy
To get the latest commit from GitHub:
$ pip install -e git://github.com/bitmazk/django-privacy.git#egg=privacy
Add the app to your INSTALLED_APPS:
INSTALLED_APPS = [ ... 'privacy', ]
Run the south migrations to create the app’s database tables:
$ ./manage.py migrate privacy
Ordering of the privacy levels. Use ['-clearance_level'] to reverse the ordering or e.g. ['name'] to sort by level names.
Custom function to return a privacy level instance for the owner/requester relation. E.g. 'myproject.privacy_settings.get_clearance_level'
You can find an example in the test_app of this repository.
Default clearance level if a field has no privacy setting assigned.
This form mixin handles privacy related form data (in case you use our render_privacy_level_field template tag). Just add the mixin class to your form and privacy settings will be saved:
from django import forms from privacy.forms import PrivacyFormMixin class MyModelForm(PrivacyFormMixin, forms.ModelForm): class Meta: model = MyModel fields = ('field1', 'field2')
If you want to filter querysets outside of templates (to keep pagination alive or to use custom model managers), you can use the following helper:
Just pass a queryset and a clearance_level. You can also filter for matching levels, just use exact. An example:
class MyListView(ListView): model = MyModel def get_queryset(self): qs = super(MyListView, self).get_queryset() clearance_level = get_clearance_level(self.owner, self.request.user) return filter_privacy_level(qs, clearance_level, self.request.GET.get('exact'))
See the issue tracker for current and upcoming features.