
Rules Permissions with Django DRF

drf-rules is a Django REST Framework extension built on top of django-rules that provides object-level permissions fully aligned with DRF actions.

It allows you to declaratively define which users or groups can perform each action (create, list, retrieve, update, destroy, etc.) on your models and API endpoints.


Features

  • Simplicity (KISS): minimal setup, easy to understand.

  • Native DRF integration: rules map directly to DRF actions.

  • Consistent conventions: follows DRF’s CRUD action names (retrieve instead of view, destroy instead of delete).

  • Well tested and documented: high test coverage and clear examples.

  • Powered by django-rules: inherits its flexibility and extensibility.

Requirements

  • Python 3.8+

  • Django 4.2+

Note: drf-rules supports all currently maintained Django versions and drops end-of-life versions in minor releases. See the Django Project documentation for timelines.

Installation

Using pip:

$ pip install drf-rules

Using uv:

$ uv add drf-rules

Run tests with:

$ ./runtests.sh

Django Setup

Add rules to INSTALLED_APPS:

INSTALLED_APPS = [
    # ...
    "rules",
]

Configure authentication backends:

AUTHENTICATION_BACKENDS = [
    "rules.permissions.ObjectPermissionBackend",
    "django.contrib.auth.backends.ModelBackend",
]

Defining Rules

Example predicates for use with a Book model:

import rules

@rules.predicate
def is_librarian(user):
    return user.groups.filter(name="librarians").exists()

@rules.predicate
def is_author(user):
    return user.groups.filter(name="authors").exists()

Using with DRF

Model Permissions

Define object-level rules in Meta.rules_permissions:

import rules
from django.db import models
from rules.contrib.models import RulesModel

class Book(RulesModel):
    title = models.CharField(max_length=100)
    author = models.CharField(max_length=100)

    class Meta:
        rules_permissions = {
            "create": rules.is_staff,
            "retrieve": rules.is_authenticated,
        }

CRUD conventions differ slightly:

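CRUD Conventions

| Action   | django-rules | drf-rules               |
|----------|--------------|-------------------------|
| Create   | add          | create                  |
| Retrieve | view         | retrieve                |
| Update   | change       | update / partial_update |
| Delete   | delete       | destroy                 |
| List     | view         | list                    |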

View Permissions

Use AutoRulesPermission with your DRF views:

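from rest_framework.viewsets import ModelViewSet
from drf_rules.permissions import AutoRulesPermission

# Book and BookSerializer come from your own app; these module paths are assumed.
from .models import Book
from .serializers import BookSerializer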

class BookViewSet(ModelViewSet):
    queryset = Book.objects.all()
    serializer_class = BookSerializer
    permission_classes = [AutoRulesPermission]

You can also define rules for custom actions:

class Book(RulesModel):
    title = models.CharField(max_length=100)
    author = models.CharField(max_length=100)

    class Meta:
        rules_permissions = {
            "create": rules.is_staff,
            "retrieve": rules.is_authenticated,
            "custom_nodetail": rules.is_authenticated,
            ":default:": rules.is_authenticated,
        }

  • The :default: rule applies to all conventional actions (list, retrieve, create, update, partial_update, destroy) not explicitly defined.

  • Non-standard actions (e.g. custom_nodetail) must be defined explicitly.
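
The lookup order described in the two points above can be checked before deployment. The following is an added example, not drf-rules' own code: resolve_rule, uncovered_actions and is_allowed are hypothetical helpers, the predicates are plain-function stand-ins for rules.is_staff and rules.is_authenticated, custom_detail is a hypothetical action, and denying an action that has no rule is this example's assumption.

```python
# Added example, not drf-rules code: audits a rules_permissions mapping
# using the lookup order described above.
CONVENTIONAL_ACTIONS = frozenset(
    {"list", "retrieve", "create", "update", "partial_update", "destroy"}
)
DEFAULT_KEY = ":default:"


def resolve_rule(rules_permissions, action):
    """Return the predicate governing `action`, or None if nothing covers it."""
    if action in rules_permissions:
        return rules_permissions[action]
    # ":default:" only backs the six conventional actions.
    if action in CONVENTIONAL_ACTIONS:
        return rules_permissions.get(DEFAULT_KEY)
    return None


def uncovered_actions(rules_permissions, viewset_actions):
    """Viewset actions that no rule covers, sorted for stable output."""
    return sorted(
        a for a in viewset_actions if resolve_rule(rules_permissions, a) is None
    )


def is_allowed(rules_permissions, action, user):
    """Assumption of this example: an action with no rule is denied."""
    rule = resolve_rule(rules_permissions, action)
    return bool(rule and rule(user))


# Constructed stand-ins for rules.is_staff / rules.is_authenticated.
def is_staff(user):
    return user.get("is_staff", False)


def is_authenticated(user):
    return user.get("authenticated", False)


# Constructed sample mirroring the Book rules shown on this page.
BOOK_RULES = {
    "create": is_staff,
    "retrieve": is_authenticated,
    "custom_nodetail": is_authenticated,
    DEFAULT_KEY: is_authenticated,
}
# "custom_detail" is a hypothetical extra action that has no rule.
BOOK_ACTIONS = CONVENTIONAL_ACTIONS | {"custom_nodetail", "custom_detail"}
```

With these sample rules, update, partial_update and destroy all fall through to :default:, so any authenticated user passes them; give write actions their own stricter entries if that is not intended.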

Custom User Integration

If you are using a custom User model or any other custom model, you can integrate drf-rules by combining RulesModelMixin with the RulesModelBase metaclass. This ensures that permissions are automatically registered on the model.

import rules
from django.contrib.auth.models import AbstractUser
from rules.contrib.models import RulesModelMixin, RulesModelBase

class CustomUser(AbstractUser, RulesModelMixin, metaclass=RulesModelBase):
    """
    Example custom user integrated with drf-rules.
    You can define CRUD permissions here via Meta.rules_permissions.
    """
    class Meta:
        rules_permissions = {
            "create": rules.is_staff,
            "retrieve": rules.is_authenticated,
            ":default:": rules.is_authenticated,
        }

If you already use a custom metaclass for your user model (or any other model), make sure it inherits from RulesModelBase so that drf-rules can register permissions correctly.

License

drf-rules is distributed under the terms of the BSD-3-Clause license.

File details

Details for the file drf_rules-0.0.8.tar.gz.

File metadata

  • Download URL: drf_rules-0.0.8.tar.gz
  • Upload date:
  • Size: 72.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for drf_rules-0.0.8.tar.gz
Algorithm Hash digest
SHA256 30d5df72f25c952c46f0bbbaeb372363182dd64c47ac4e0b14b9d3f782d1456c
MD5 89e63fc844d9e67c1fe009a0f612590a
BLAKE2b-256 953b42f26449db412f76c31351d682a912df3e68e57d8cc1cded30c3498efae2

Provenance

The following attestation bundles were made for drf_rules-0.0.8.tar.gz:

Publisher: publish.yml on lsaavedr/drf-rules

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file drf_rules-0.0.8-py3-none-any.whl.

File metadata

  • Download URL: drf_rules-0.0.8-py3-none-any.whl
  • Upload date:
  • Size: 7.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for drf_rules-0.0.8-py3-none-any.whl
Algorithm Hash digest
SHA256 c6d176e887eae1f88f79c9dc0f8e960610af0715a61d3d700ba2697d86b36ce1
MD5 2322c1a7697cc894a694f4b5c3ea72c4
BLAKE2b-256 27cf13bb86b3c74ad889f517c84855d52d15e3cd08fe6a6108ba768ccb52a2e5

Provenance

The following attestation bundles were made for drf_rules-0.0.8-py3-none-any.whl:

Publisher: publish.yml on lsaavedr/drf-rules

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
