Action based permissions for Django REST Framework.

Navigation

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT License)

Author: Denis Orehovsky

Maintainers

Avatar for apirobot from gravatar.com apirobot

Classifiers

Project description

https://travis-ci.org/apirobot/django-rest-action-permissions.svg?branch=master https://codecov.io/gh/apirobot/django-rest-action-permissions/branch/master/graph/badge.svg https://badge.fury.io/py/django-rest-action-permissions.svg

Django REST Action Permissions

django-rest-action-permissions allows you to define permissions for each action provided by your ViewSet class.

Installation

Install using pip:

$ pip install django-rest-action-permissions

Usage

This library lets you define permissions like so:

# permissions.py
from rest_framework.permissions import (
    AllowAny, BasePermission, IsAdminUser, IsAuthenticated
)
from rest_action_permissions.permissions import ActionPermission


class IsTweetOwner(BasePermission):

    def has_object_permission(self, request, view, obj):
        return obj.owner == request.user


class TweetPermission(ActionPermission):
    # The admin user has all permissions.
    enough_perms = IsAdminUser

    # Corresponding permissions for each action.
    create_perms = IsAuthenticated
    retrieve_perms = AllowAny
    list_perms = AllowAny
    update_perms = IsTweetOwner
    delete_perms = IsTweetOwner
    retweet_perms = IsAuthenticated
    undo_retweet_perms = IsAuthenticated

    # General read/write permissions.
    # Used if corresponding action permission hasn't been specified.
    read_perms = AllowAny
    write_perms = IsAuthenticated & IsTweetOwner

Corresponding ViewSet for the permissions defined above:

# views.py
from rest_framework import viewsets
from rest_framework.decorators import detail_route
from .models import Tweet
from .permissions import TweetPermission
from .serializers import TweetSerializer


class TweetViewSet(viewsets.ModelViewSet):
    queryset = Tweet.objects.all()
    serializer_class = TweetSerializer
    permission_classes = (TweetPermission, )

    def perform_create(self, serializer):
        serializer.save(owner=self.request.user)

    @detail_route(methods=['POST'])
    def retweet(self, request, *args, **kwargs):
        ...

    @detail_route(methods=['POST'])
    def undo_retweet(self, request, *args, **kwargs):
        ...

Credits

The interface of this library was inspired by taiga project.

Project details

Project links

Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: MIT License (MIT License)

Author: Denis Orehovsky

Maintainers

Avatar for apirobot from gravatar.com apirobot

Classifiers


Release history Release notifications | RSS feed

This version

2.0.0

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-rest-action-permissions, version 2.0.0
Filename, size File type Python version Upload date Hashes
Filename, size django_rest_action_permissions-2.0.0-py2.py3-none-any.whl (5.1 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size django-rest-action-permissions-2.0.0.tar.gz (4.9 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page