permissions
— Permissions¶
This module implements row level permission handling to use along with
django’s generic permissions provided by the django.contrib.auth module. More
precissely, this module extends the User and Group models with a couple of
methods which take care of adding,deleting and checking of permissions. The
Permission
class keeps log of all existing permissions in the
database.
Permission Objects¶
Each instance of the Permission
class represents a relationship
between a user and an object and it is identified by its name. The permission
name can be any string like ‘edit’, ‘read’ or ‘delete’ and usually describes
the kind of permission it implements.
-
class
permissions.
Permission
(name, content_type, object_id, content_object[, User, Group])¶ -
name
¶ The name of the permission. Usually it’s a string denoting the meaning of the permission ( eg ‘edit’, ‘read’, ‘delete’, etc)
-
content_type
¶ This attribute stores the content type of the object over which this permission is effective.
-
object_id
¶ This is the id of the related object.
-
content_object
¶ This is a foreign key to the actual object (object instance) over this permission is effective.
-
user
¶ If the permission is effective for a single user, this field points to this user otherwise it is null.
-
group
¶ If the permission is effective for a whole group, this field points to this group otherwise it is null.
-
User/Group methods¶
As told before, the row level permissions add various methods to the User and Group models with which one can add/edit/delete permissions over various objects and/or QuerySets.
class User:
permissions.
add_row_perm
(instance, perm)¶This method takes an object instance and the name of the permission and adds this permission for the calling user over the object instance given. For example:
>>> station = Station.objects.get(id='10001') >>> user = User.objects.get(username='testuser') >>> user.add_row_perm(station, 'edit')
permissions.
del_row_perm
(instance, perm)¶This method takes an object instance and a permission name and if the user has that permission over the object, the method deletes it. If the user doesn’t have that permisssion, nothing happens.
>>> station = Station.objects.get(id='10001') >>> user = User.objects.get(username='testuser') >>> user.del_row_perm(station, 'edit')
permissions.
has_row_perm
(instance, perm)¶This method takes an object instance and a permission name and checks whether the calling user has that permission over the object instance. If this method is called from a superuser, it always returns
True
. For example:>>> station = Station.objects.get(id='10001') >>> user = User.objects.get(username='testuser') >>> user.has_row_perm(station, 'edit') False
permissions.
get_rows_with_permission
(instance, perm)¶This method is used to return all instances of the same conten type as the given instance over which the user has the perm permission. For example:
>>> user = User.objects.get(username='testuser') >>> user.get_rows_with_permission(Station,'edit')This will return all Stations that the user can ‘edit’.
class Group:
All methods and their usage are the same as with User. However, it’s worth noting that once a user inherits a permission from a group, the only way to remove that permission is to leave the group since using del_row_perm() from the user won’t affect the group permissions.
permissions.
add_row_perm
(instance, perm)
permissions.
del_row_perm
(instance, perm)
permissions.
has_row_perm
(instance, perm)
permissions.
get_rows_with_permission
(instance, perm)