Django URL-based RBAC with pluggable modules and multi-platform user sync
Project description
Django Users Permission System
Reusable Django app for URL-based RBAC, module menus, and multi-platform user sync.
Works as a drop-in plugin for any Django project. Supports generic HTTP webhooks plus native adapters for GitLab, GitHub, Bitbucket, Gitea/Forgejo, and PyPI-style registries.
Features
- URL-level permission checks via middleware
- Database-driven module registry (
AppModule) - Roles + direct user permissions (
Role,UserAccessControl) - Pluggable permission modules via settings
- Multi-platform outbound sync (
ExternalSyncEndpoint) - Configurable label aliases (settings, DB, or plugins)
- AI Dashboard with stats, platform overview, and setup assistant
- Full documentation with architecture and platform guides
AI Dashboard & Documentation
Mount URLs in your project:
# urls.py
path("permissions/", include("userspermissionsystem.urls")),
| Page | URL |
|---|---|
| AI Dashboard | /permissions/dashboard/ |
| Documentation | /permissions/docs/ |
| AI Assistant API | /permissions/api/ai-assistant/ |
Docs included in package:
docs/index.md— overviewdocs/installation.md— setup guidedocs/architecture.md— system design (with diagram)docs/platforms.md— GitLab, GitHub, PyPI, etc.docs/plugins.md— custom plugins & adaptersdocs/roles.md— generic role & permission APIdocs/api.md— API reference
Install
pip install django-users-permission-system
# or from source:
pip install -e .
Add to INSTALLED_APPS:
INSTALLED_APPS = [
# ...
"import_export",
"userspermissionsystem.apps.UserspermissionsystemConfig",
]
Run migrations:
python manage.py migrate userspermissionsystem
Django settings
MIDDLEWARE = [
# ...
"userspermissionsystem.middleware.URLPermissionMiddleware",
]
TEMPLATES = [{
# ...
"OPTIONS": {
"context_processors": [
"userspermissionsystem.context_processors.base_context",
"userspermissionsystem.context_processors.user_roles_context",
],
},
}]
USER_PERMISSION_SYSTEM = {
# URL prefixes to skip permission checks
"SKIP_PREFIXES": ["/", "/login", "/logout", "/api/", "/admin/", "/static/", "/media/", "/permissions/"],
# Treat these labels as the same module (configure per project)
"LABEL_GROUPS": [
["orders", "order"],
],
# Optional permission plugins (dotted paths)
"PLUGINS": [
"myapp.permissions.TicketsPermissionPlugin",
],
# Optional custom platform adapters
"PLATFORM_ADAPTERS": {
"myplatform": "myapp.sync.MyPlatformAdapter",
},
# Privileged roles (replaces hardcoded "Admin")
"ADMIN_ROLE_NAMES": ["admin"],
# Optional nested permission map for UI flags
"PERMISSION_CODE_GROUPS": {
"orders_create": ("orders", "create"),
"orders_view": ("orders", "view"),
},
}
Generic role permissions
from userspermissionsystem.role_permissions import (
user_has_permission_code,
user_has_url_permission,
user_has_module_access,
user_has_role,
user_is_privileged,
get_grouped_permissions,
)
user_has_permission_code(user, "orders_create", app_label="orders")
user_has_url_permission(user, "/orders/create/", "POST", app_label="orders")
user_has_module_access(user, "orders")
user_has_role(user, "editor")
user_is_privileged(user) # checks ADMIN_ROLE_NAMES
See docs/roles.md for full API.
Platform sync setup
Create an AppModule with base_url, then add ExternalSyncEndpoint rows per event.
| Platform | platform_type |
auth_config example |
extra_config example |
|---|---|---|---|
| HTTP | http |
{"token": "...", "token_type": "Bearer"} |
{"method": "POST", "timeout": 10} |
| GitLab | gitlab |
{"token": "...", "token_type": "PRIVATE-TOKEN"} |
{"group_id": 12, "access_level": 30} |
| GitHub | github |
{"token": "ghp_..."} |
{"org": "my-org", "team_slug": "developers"} |
| Bitbucket | bitbucket |
{"token": "...", "token_type": "Bearer"} |
{"workspace": "myteam"} |
| Gitea | gitea |
{"token": "..."} |
{"group_id": 3} |
| PyPI | pypi |
{"token": "..."} |
{"scopes": ["upload"], "token_endpoint": "/api/v1/tokens/sync/"} |
Sync from signals
from userspermissionsystem.sync import dispatch_sync_event
@receiver(post_save, sender=get_user_model())
def sync_user(sender, instance, created, **kwargs):
payload = {
"username": instance.username,
"email": instance.email,
"first_name": instance.first_name,
"last_name": instance.last_name,
}
if created:
dispatch_sync_event("create", instance, payload)
else:
dispatch_sync_event("update", instance, payload)
Backward-compatible HTTP URL helper:
from userspermissionsystem.views import get_api_urls, sync_user_event
sync_user_event("create", user, payload) # preferred
urls = get_api_urls("create") # legacy HTTP-only
Writing a permission plugin
from userspermissionsystem.plugins.base import PermissionPlugin
class TicketsPermissionPlugin(PermissionPlugin):
label = "tickets"
def get_label_aliases(self):
return {"tickets", "ticket"}
Writing a custom platform adapter
from userspermissionsystem.platforms.base import PlatformAdapter, SyncResult
from userspermissionsystem.platforms.registry import register_platform_adapter
class MyPlatformAdapter(PlatformAdapter):
platform_type = "myplatform"
def sync(self, endpoint, event_type, user, payload, permissions=None):
# call external API
return SyncResult(success=True, platform=self.platform_type, message="ok")
register_platform_adapter(MyPlatformAdapter())
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file django_users_permission_system-0.3.0.tar.gz.
File metadata
- Download URL: django_users_permission_system-0.3.0.tar.gz
- Upload date:
- Size: 7.5 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9b1ac4f474725a52e26f6e93519d4eff4401e2971b852a9d552a6d9b9b2a0594
|
|
| MD5 |
d35437b7a305128167b2095796c021e5
|
|
| BLAKE2b-256 |
c49ead125e75d45888d816a37088e47204a6c84c0504f00d5a1290647b4aa4d5
|
File details
Details for the file django_users_permission_system-0.3.0-py3-none-any.whl.
File metadata
- Download URL: django_users_permission_system-0.3.0-py3-none-any.whl
- Upload date:
- Size: 7.6 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3f97c5dd96acafdd876572c4468bd2f3a87f9be3739575ccf2be0f8f635f6d9e
|
|
| MD5 |
bab9c841d617eac8c4b23fc1f98ce457
|
|
| BLAKE2b-256 |
b65bbaa8a33c9a797696a135150a66a70549e1cb98bb2e505376ca4b541193ba
|