Field level permissions for Django REST Framework
Project description
New permissions possibilities for rest-framework
Compatibility
Works with :
Python 3.8, 3.9, 3.10
Django 3.2
Django Rest Framework >= 3.13
Installation
Install the package from pypi :
pip install djangorestframework-fine-permissions
Configure your settings.py module :
INSTALLED_APPS = (
...
'rest_framework_fine_permissions',
)
REST_FRAMEWORK = {
'DEFAULT_FILTER_BACKENDS': (
# Enable the filter permission backend for all GenericAPIView
'rest_framework_fine_permissions.filters.FilterPermissionBackend',
),
'DEFAULT_PERMISSION_CLASSES': (
# Enable the django model permissions (view,create,delete,modify)
'rest_framework_fine_permissions.permissions.FullDjangoModelPermissions',
# OPTIONAL if you use FilterPermissionBackend and GenericAPIView. Check filter permissions for objects.
'rest_framework_fine_permissions.permissions.FilterPermission',
)
}
Sync the django’s database :
python manage.py syncdb
Edit your urls.py module :
from django.conf.urls import url
from django.contrib import admin
from rest_framework_fine_permissions.urls import urlpatterns as drffp_urls
urlpatterns = [
url(r'^admin/', admin.site.urls),
]
urlpatterns += drffp_urls
Usage
Go to the django admin page
Add field’s permissions to a user with the “User fields permissions” link
Add filter’s permissions to a user with the “User filters permissions” link
Example
models.py :
from django.db import models
from django.db.models import Sum
class PollsChoice(models.Model):
id = models.IntegerField(primary_key=True)
choice_text = models.CharField(max_length=200)
votes = models.IntegerField()
question = models.ForeignKey('PollsQuestion')
class Meta:
permissions = (('view_pollschoice', 'Can view pollschoice'),)
class PollsQuestion(models.Model):
id = models.IntegerField(primary_key=True)
question_text = models.CharField(max_length=200)
pub_date = models.DateTimeField()
class Meta:
permissions = (('view_pollsquestion', 'Can view pollsquestion'),)
@property
def sum_votes(self):
return self.pollschoice_set.aggregate(total=Sum('votes'))['total']
@property
def choices(self):
return self.pollschoice_set.all()
serializers.py :
import datetime
from django.utils import timezone
from rest_framework import serializers
from rest_framework_fine_permissions.fields import ModelPermissionsField
from rest_framework_fine_permissions.serializers import ModelPermissionsSerializer
from . import models
class PollsChoiceSerializer(ModelPermissionsSerializer):
class Meta:
model = models.PollsChoice
class PollsQuestionSerializer(ModelPermissionsSerializer):
was_published_recently = serializers.SerializerMethodField()
votes = serializers.IntegerField(source='sum_votes')
choices = ModelPermissionsField(PollsChoiceSerializer)
class Meta:
model = models.PollsQuestion
def get_was_published_recently(self, obj):
return obj.pub_date >= timezone.now() - datetime.timedelta(days=1)
views.py :
from . import models
from . import serializers
from rest_framework import generics
class PollsChoiceDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = models.PollsChoice.objects.all()
serializer_class = serializers.PollsChoiceSerializer
urls.py :
from django.conf.urls import patterns, url
from rest_framework.urlpatterns import format_suffix_patterns
from . import views
urlpatterns = [,
url(r'^pollsquestion/(?P<pk>\w+)$', views.PollsQuestionDetail.as_view(), name='pollsquestion-all-detail'),
]
urlpatterns = format_suffix_patterns(urlpatterns, suffix_required=True)
Create a user without the staff and superuser status, and add him permissions :
Then add user field permissions :
You can finally call your webservice :
$ curl -X GET -H "Authorization: Token TOKEN" -H "Accept: application/json; indent=4" http://127.0.0.1/webservice/pollsquestion/1.json
{
"choices": [
{
"choice_text": "Yes",
"id": 1,
"votes": 5
},
{
"choice_text": "No",
"id": 2,
"votes": 2
}
],
"id": 1,
"pub_date": "2017-01-08T09:00:00",
"question_text": "Is this a question ?",
"votes": 7,
"was_published_recently": false
}
Import/Export
To export field’s permissions, you can use the following command :
python manage.py fine_permissions_dump myuser > /tmp/myuserfieldsperms.json
To import field’s permissions, you can use the following command :
python manage.py fine_permissions_load -u anotheruser /tmp/myuserfieldsperms.json
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for djangorestframework-fine-permissions-0.9.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | be97aacdcfa59e04f41ea3fc214b0dd67f448d1ec8d9d39ce6fdb2c921e06840 |
|
MD5 | 348f0d49c0c877b3029c25a66847142b |
|
BLAKE2b-256 | fd6df18b3aad91b5aa0063518e16fe62d651e3c3920e7cc050230d250ad82881 |
Hashes for djangorestframework_fine_permissions-0.9.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1f04bb6e801fbcf79b852b721df7a21c1e101a523a843d333e2f086ceebd4f41 |
|
MD5 | 806626a193b5cde25a3f4eff48c893f6 |
|
BLAKE2b-256 | 209768951d541c3a4b8849f7d5ec55737bf2947e3e30219badcf9619be64037e |