Manage object permissions by defining methods in Django Model
Project description
django-reinhardt
There are many object permission backends like django-guardian or django-permission.
But some time, it is needed to define permissions as not just object-user relationship.
django-reinhardt make you handle object permissions by defining methods in your django model
Free software: MIT license
Documentation: https://django-reinhardt.readthedocs.io.
Installation
Use pip like:
$ pip install django-reinhardt
Usage
Add extra authorization backends in your settings.py:
AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', # default 'reinhardt.backends.PermissionBackend', )
It’s done. you don’t need to add any app or migrate anything.
Assume that Inquiry model needs to have two permission: change_inqury, view_inquiry
class Inquiry(models.Model): writer = models.ForeignKey(settings.AUTH_USER_MODEL) text = models.TextField() pub_date = models.DateTimeField(auto_now_add=True) @object_permission(codename='change_inquiry') def is_changeable_by(self, user): return self.writer == user or user.is_staff @object_permission(codename='view_inquiry') def is_viewable_by(self, user): return self.writer == user
Then you can just define methods having user parameter, decorated by object_permission.
Now the following codes will work as expected:
user1 = get_user_model().objects.create( username='nanase' ) user2 = get_user_model().objects.create( username='maiyan' ) user3 = get_user_model().objects.create( username='ikuta' ) inquiry = Inquiry.objects.create( writer=self.user1, text='How can I delete my account?' ) assert user1.has_perm('yourapp.change_inquiry', obj=inquiry) == True assert user2.has_perm('yourapp.view_inquiry', obj=inquiry) == False assert user3.has_perm('yourapp.change_inquiry', obj=inquiry) == False assert user3.has_perm('yourapp.view_inquiry', obj=inquiry) == True
Credits
This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.
History
0.2.0 (2016-08-2)
Change the way how to distinguish permission-related method from others.
Now you should use object_permission decorator instead of can_ prefix to define permission methods.
0.1.0 (2016-07-19)
First release on PyPI.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file django-reinhardt-0.2.0.tar.gz
.
File metadata
- Download URL: django-reinhardt-0.2.0.tar.gz
- Upload date:
- Size: 12.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5bde8b05b5122a736b9a59399155caa9788a8a1a6d07a85d8d9b336a32038988 |
|
MD5 | 1ebb5843344360f8fb336ed399878f79 |
|
BLAKE2b-256 | 44248979fce65bb8f30d375d865c65950a6a73bb826df663efc70db69382732a |