Skip to main content

Action based permissions for Django REST Framework.

Project description

https://travis-ci.org/apirobot/django-rest-action-permissions.svg?branch=master https://codecov.io/gh/apirobot/django-rest-action-permissions/branch/master/graph/badge.svg https://badge.fury.io/py/django-rest-action-permissions.svg

Django REST Action Permissions

django-rest-action-permissions allows you to define permissions for each action provided by your ViewSet class.

Installation

Install using pip:

$ pip install django-rest-action-permissions

Usage

This library lets you define permissions like so:

# permissions.py
from rest_framework.permissions import (
    AllowAny, BasePermission, IsAdminUser, IsAuthenticated
)
from rest_action_permissions.permissions import ActionPermission


class IsTweetOwner(BasePermission):

    def has_object_permission(self, request, view, obj):
        return obj.owner == request.user


class TweetPermission(ActionPermission):
    # The admin user has all permissions.
    enough_perms = IsAdminUser

    # Corresponding permissions for each action.
    create_perms = IsAuthenticated
    retrieve_perms = AllowAny
    list_perms = AllowAny
    update_perms = IsTweetOwner
    delete_perms = IsTweetOwner
    retweet_perms = IsAuthenticated
    undo_retweet_perms = IsAuthenticated

    # General read/write permissions.
    # Used if corresponding action permission hasn't been specified.
    read_perms = AllowAny
    write_perms = IsAuthenticated & IsTweetOwner

Corresponding ViewSet for the permissions defined above:

# views.py
from rest_framework import viewsets
from rest_framework.decorators import detail_route
from .models import Tweet
from .permissions import TweetPermission
from .serializers import TweetSerializer


class TweetViewSet(viewsets.ModelViewSet):
    queryset = Tweet.objects.all()
    serializer_class = TweetSerializer
    permission_classes = (TweetPermission, )

    def perform_create(self, serializer):
        serializer.save(owner=self.request.user)

    @detail_route(methods=['POST'])
    def retweet(self, request, *args, **kwargs):
        ...

    @detail_route(methods=['POST'])
    def undo_retweet(self, request, *args, **kwargs):
        ...

Credits

The interface of this library was inspired by taiga project.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-rest-action-permissions, version 2.0.0
Filename, size File type Python version Upload date Hashes
Filename, size django_rest_action_permissions-2.0.0-py2.py3-none-any.whl (5.1 kB) File type Wheel Python version py2.py3 Upload date Hashes View hashes
Filename, size django-rest-action-permissions-2.0.0.tar.gz (4.9 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page