Field level permissions for Django REST Framework
Project description
# django-rest-framework-fine-permissions
**New permissions possibilities for rest-framework**
# Compatibility
Works with :
* Python 2.7, 3.3, 3.4
* Django >= 1.7
* Django Rest Framework >= 3.0
[![Build Status](https://travis-ci.org/unistra/django-rest-framework-fine-permissions.svg?branch=master)](https://travis-ci.org/unistra/django-rest-framework-fine-permissions)
[![Coverage Status](https://coveralls.io/repos/github/unistra/django-rest-framework-fine-permissions/badge.svg?branch=master)](https://coveralls.io/github/unistra/django-rest-framework-fine-permissions?branch=master)
[![Code Health](https://landscape.io/github/unistra/django-rest-framework-fine-permissions/master/landscape.svg?style=flat)](https://landscape.io/github/unistra/django-rest-framework-fine-permissions/master)
# Installation
Install the package from pypi :
pip install djangorestframework-fine-permissions
Configure your `settings.py` module :
```python
INSTALLED_APPS = (
...
'rest_framework_fine_permissions',
)
REST_FRAMEWORK = {
'DEFAULT_FILTER_BACKENDS': (
# Enable the filter permission backend for all GenericAPIView
'rest_framework_fine_permissions.filters.FilterPermissionBackend',
),
'DEFAULT_PERMISSION_CLASSES': (
# Enable the django model permissions (view,create,delete,modify)
'rest_framework_fine_permissions.permissions.FullDjangoModelPermissions',
# OPTIONAL if you use FilterPermissionBackend and GenericAPIView. Check filter permissions for objects.
'rest_framework_fine_permissions.permissions.FilterPermission',
)
}
```
Sync the django's database :
python manage.py syncdb
Edit your `urls.py` module :
```python
from django.conf.urls import url
from django.contrib import admin
from rest_framework_fine_permissions.urls import urlpatterns as drffp_urls
urlpatterns = [
url(r'^admin/', admin.site.urls),
]
urlpatterns += drffp_urls
```
# Usage
* Go to the django admin page
* Add field's permissions to a user with the "User fields permissions" link
* Add filter's permissions to a user with the "User filters permissions" link
# Example
`models.py` :
```python
from django.db import models
from django.db.models import Sum
class PollsChoice(models.Model):
id = models.IntegerField(primary_key=True)
choice_text = models.CharField(max_length=200)
votes = models.IntegerField()
question = models.ForeignKey('PollsQuestion')
class Meta:
permissions = (('view_pollschoice', 'Can view pollschoice'),)
class PollsQuestion(models.Model):
id = models.IntegerField(primary_key=True)
question_text = models.CharField(max_length=200)
pub_date = models.DateTimeField()
class Meta:
permissions = (('view_pollsquestion', 'Can view pollsquestion'),)
@property
def sum_votes(self):
return self.pollschoice_set.aggregate(total=Sum('votes'))['total']
@property
def choices(self):
return self.pollschoice_set.all()
```
`serializers.py` :
```python
import datetime
from django.utils import timezone
from rest_framework import serializers
from rest_framework_fine_permissions.fields import ModelPermissionsField
from rest_framework_fine_permissions.serializers import ModelPermissionsSerializer
from . import models
class PollsChoiceSerializer(ModelPermissionsSerializer):
class Meta:
model = models.PollsChoice
class PollsQuestionSerializer(ModelPermissionsSerializer):
was_published_recently = serializers.SerializerMethodField()
votes = serializers.IntegerField(source='sum_votes')
choices = ModelPermissionsField(PollsChoiceSerializer)
class Meta:
model = models.PollsQuestion
def get_was_published_recently(self, obj):
return obj.pub_date >= timezone.now() - datetime.timedelta(days=1)
```
`views.py` :
```python
from . import models
from . import serializers
from rest_framework import generics
class PollsChoiceDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = models.PollsChoice.objects.all()
serializer_class = serializers.PollsChoiceSerializer
```
`urls.py` :
```python
from django.conf.urls import patterns, url
from rest_framework.urlpatterns import format_suffix_patterns
from . import views
urlpatterns = [,
url(r'^pollsquestion/(?P<pk>\w+)$', views.PollsQuestionDetail.as_view(), name='pollsquestion-all-detail'),
]
urlpatterns = format_suffix_patterns(urlpatterns, suffix_required=True)
```
Create a user without the staff and superuser status, and add him permissions :
![Admin interface](docs/admin1.png)
Then add user field permissions :
![Admin interface](docs/admin2.png)
You can finally call your webservice :
$ curl -X GET -H "Authorization: Token TOKEN" -H "Accept: application/json; indent=4" http://127.0.0.1/webservice/pollsquestion/1.json
{
"choices": [
{
"choice_text": "Yes",
"id": 1,
"votes": 5
},
{
"choice_text": "No",
"id": 2,
"votes": 2
}
],
"id": 1,
"pub_date": "2017-01-08T09:00:00",
"question_text": "Is this a question ?",
"votes": 7,
"was_published_recently": false
}
**New permissions possibilities for rest-framework**
# Compatibility
Works with :
* Python 2.7, 3.3, 3.4
* Django >= 1.7
* Django Rest Framework >= 3.0
[![Build Status](https://travis-ci.org/unistra/django-rest-framework-fine-permissions.svg?branch=master)](https://travis-ci.org/unistra/django-rest-framework-fine-permissions)
[![Coverage Status](https://coveralls.io/repos/github/unistra/django-rest-framework-fine-permissions/badge.svg?branch=master)](https://coveralls.io/github/unistra/django-rest-framework-fine-permissions?branch=master)
[![Code Health](https://landscape.io/github/unistra/django-rest-framework-fine-permissions/master/landscape.svg?style=flat)](https://landscape.io/github/unistra/django-rest-framework-fine-permissions/master)
# Installation
Install the package from pypi :
pip install djangorestframework-fine-permissions
Configure your `settings.py` module :
```python
INSTALLED_APPS = (
...
'rest_framework_fine_permissions',
)
REST_FRAMEWORK = {
'DEFAULT_FILTER_BACKENDS': (
# Enable the filter permission backend for all GenericAPIView
'rest_framework_fine_permissions.filters.FilterPermissionBackend',
),
'DEFAULT_PERMISSION_CLASSES': (
# Enable the django model permissions (view,create,delete,modify)
'rest_framework_fine_permissions.permissions.FullDjangoModelPermissions',
# OPTIONAL if you use FilterPermissionBackend and GenericAPIView. Check filter permissions for objects.
'rest_framework_fine_permissions.permissions.FilterPermission',
)
}
```
Sync the django's database :
python manage.py syncdb
Edit your `urls.py` module :
```python
from django.conf.urls import url
from django.contrib import admin
from rest_framework_fine_permissions.urls import urlpatterns as drffp_urls
urlpatterns = [
url(r'^admin/', admin.site.urls),
]
urlpatterns += drffp_urls
```
# Usage
* Go to the django admin page
* Add field's permissions to a user with the "User fields permissions" link
* Add filter's permissions to a user with the "User filters permissions" link
# Example
`models.py` :
```python
from django.db import models
from django.db.models import Sum
class PollsChoice(models.Model):
id = models.IntegerField(primary_key=True)
choice_text = models.CharField(max_length=200)
votes = models.IntegerField()
question = models.ForeignKey('PollsQuestion')
class Meta:
permissions = (('view_pollschoice', 'Can view pollschoice'),)
class PollsQuestion(models.Model):
id = models.IntegerField(primary_key=True)
question_text = models.CharField(max_length=200)
pub_date = models.DateTimeField()
class Meta:
permissions = (('view_pollsquestion', 'Can view pollsquestion'),)
@property
def sum_votes(self):
return self.pollschoice_set.aggregate(total=Sum('votes'))['total']
@property
def choices(self):
return self.pollschoice_set.all()
```
`serializers.py` :
```python
import datetime
from django.utils import timezone
from rest_framework import serializers
from rest_framework_fine_permissions.fields import ModelPermissionsField
from rest_framework_fine_permissions.serializers import ModelPermissionsSerializer
from . import models
class PollsChoiceSerializer(ModelPermissionsSerializer):
class Meta:
model = models.PollsChoice
class PollsQuestionSerializer(ModelPermissionsSerializer):
was_published_recently = serializers.SerializerMethodField()
votes = serializers.IntegerField(source='sum_votes')
choices = ModelPermissionsField(PollsChoiceSerializer)
class Meta:
model = models.PollsQuestion
def get_was_published_recently(self, obj):
return obj.pub_date >= timezone.now() - datetime.timedelta(days=1)
```
`views.py` :
```python
from . import models
from . import serializers
from rest_framework import generics
class PollsChoiceDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = models.PollsChoice.objects.all()
serializer_class = serializers.PollsChoiceSerializer
```
`urls.py` :
```python
from django.conf.urls import patterns, url
from rest_framework.urlpatterns import format_suffix_patterns
from . import views
urlpatterns = [,
url(r'^pollsquestion/(?P<pk>\w+)$', views.PollsQuestionDetail.as_view(), name='pollsquestion-all-detail'),
]
urlpatterns = format_suffix_patterns(urlpatterns, suffix_required=True)
```
Create a user without the staff and superuser status, and add him permissions :
![Admin interface](docs/admin1.png)
Then add user field permissions :
![Admin interface](docs/admin2.png)
You can finally call your webservice :
$ curl -X GET -H "Authorization: Token TOKEN" -H "Accept: application/json; indent=4" http://127.0.0.1/webservice/pollsquestion/1.json
{
"choices": [
{
"choice_text": "Yes",
"id": 1,
"votes": 5
},
{
"choice_text": "No",
"id": 2,
"votes": 2
}
],
"id": 1,
"pub_date": "2017-01-08T09:00:00",
"question_text": "Is this a question ?",
"votes": 7,
"was_published_recently": false
}
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file djangorestframework-fine-permissions-0.6.1.tar.gz
.
File metadata
- Download URL: djangorestframework-fine-permissions-0.6.1.tar.gz
- Upload date:
- Size: 100.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 858fb997673f21b169d4f9715795b292bb32cd32fc50505386ebf1e17b4f8f08 |
|
MD5 | 76bb667be8d7b5a6e6d6c9f8a41e6705 |
|
BLAKE2b-256 | b60c800df52f793c4f241fc91599015f95fa5f6f9307a1d150f68e0b09ffc8d6 |