<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Create a per-object permission — django-authority v0.4dev documentation</title> <link rel="stylesheet" href="_static/nature.css" type="text/css" /> <link rel="stylesheet" href="_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '', VERSION: '0.4dev', COLLAPSE_MODINDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="_static/jquery.js"></script> <script type="text/javascript" src="_static/doctools.js"></script> <link rel="shortcut icon" href="_static/favicon.png"/> <link rel="top" title="django-authority v0.4dev documentation" href="index.html" /> <link rel="next" title="Create a custom permission" href="create_custom_permission.html" /> <link rel="prev" title="Create a basic permission" href="create_basic_permission.html" /> </head> <body> <div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body"> <div class="section" id="create-a-per-object-permission"> <span id="create-per-object-permission"></span><h1>Create a per-object permission<a class="headerlink" href="#create-a-per-object-permission" title="Permalink to this headline">¶</a></h1> <p>django-authority provides a super 
simple but nifty feature called <em>per-object permission</em>. A description would be:</p> <div class="highlight-python"><pre>Attach a &lt;codename&gt; to an object
Attach a &lt;codename&gt; to a user
If the user has &lt;codename&gt; and the object has &lt;codename&gt; then do-something,
otherwise do-something-else.</pre> </div> <p>This might sound strange, but let’s have a closer look at this pattern. In terms of users and flatpages a visual example would be:</p> <img alt="_images/authority-object-1to1.png" src="_images/authority-object-1to1.png" /> <p><em>The user is allowed to review the flatpage “Events”.</em></p> <p>You are not limited to a 1:1 relation; you can add this <tt class="docutils literal"><span class="pre">codename</span></tt> to multiple objects:</p> <img alt="_images/authority-object-1toN.png" src="_images/authority-object-1toN.png" /> <p><em>The user is allowed to review the flatpages “Events” and “Contact”.</em></p> <p>And you can do this with any objects in any direction:</p> <img alt="_images/authority-object-NtoN.png" src="_images/authority-object-NtoN.png" /> <p><em>The user is allowed to review the flatpages “Events” and “Contact”. Another user is allowed to publish the flatpage “Events”.</em></p> <div class="section" id="create-per-object-permissions"> <h2>Create per-object permissions<a class="headerlink" href="#create-per-object-permissions" title="Permalink to this headline">¶</a></h2> <p>Creating per-object permissions is super simple. 
See this piece of permission class code:</p> <div class="highlight-python"><div class="highlight"><pre><span class="kn">import</span> <span class="nn">authority</span>
<span class="kn">from</span> <span class="nn">authority.permissions</span> <span class="kn">import</span> <span class="n">BasePermission</span>
<span class="kn">from</span> <span class="nn">django.contrib.flatpages.models</span> <span class="kn">import</span> <span class="n">FlatPage</span>

<span class="k">class</span> <span class="nc">FlatPagePermission</span><span class="p">(</span><span class="n">BasePermission</span><span class="p">):</span>
    <span class="n">label</span> <span class="o">=</span> <span class="s">'flatpage_permission'</span>
    <span class="n">checks</span> <span class="o">=</span> <span class="p">(</span><span class="s">'review'</span><span class="p">,)</span>

<span class="n">authority</span><span class="o">.</span><span class="n">register</span><span class="p">(</span><span class="n">FlatPage</span><span class="p">,</span> <span class="n">FlatPagePermission</span><span class="p">)</span>
</pre></div> </div> <p>This permission class is similar to the one we already created in <a class="reference external" href="create_basic_permission.html#create-basic-permission"><em>Create a basic permission</em></a> but we added the line:</p> <div class="highlight-python"><div class="highlight"><pre><span class="n">checks</span> <span class="o">=</span> <span class="p">(</span><span class="s">'review'</span><span class="p">,)</span>
</pre></div> </div> <p>This tells the permission class that it has a permission check (or <tt class="docutils literal"><span class="pre">codename</span></tt>) <tt class="docutils literal"><span class="pre">review</span></tt>. Under the hood this check gets translated to <tt class="docutils literal"><span class="pre">review_flatpage</span></tt> (<tt class="docutils literal"><span class="pre">review_&lt;modelname&gt;</span></tt>).</p> <div class="admonition important"> <p class="first admonition-title">Important</p> <p class="last">Be sure you understand that we have not written a single line of code yet. 
We just added the <tt class="docutils literal"><span class="pre">codename</span></tt> to the checks attribute.</p> </div> </div> <div class="section" id="attach-per-object-permissions-to-objects"> <h2>Attach per-object permissions to objects<a class="headerlink" href="#attach-per-object-permissions-to-objects" title="Permalink to this headline">¶</a></h2> <p>Please see <a class="reference external" href="handling_admin.html#handling-admin"><em>Handling permissions using Django’s admin interface</em></a> for this.</p> </div> <div class="section" id="check-per-object-permissions"> <h2>Check per-object permissions<a class="headerlink" href="#check-per-object-permissions" title="Permalink to this headline">¶</a></h2> <p>As we noted above, we have not written any permission-comparing code yet. This is your job. In theory the permission lookup for per-object permissions is:</p> <div class="highlight-python"><pre>if &lt;theuser&gt; has &lt;codename&gt; and &lt;object&gt; has &lt;codename&gt;:
    return True
else:
    return False</pre> </div> <div class="admonition important"> <p class="first admonition-title">Important</p> <p class="last">The syntax is similar to the permission checks we’ve already seen in <a class="reference external" href="create_basic_permission.html#create-basic-permission"><em>Create a basic permission</em></a> for the basic permissions, but now we have to pass each function the model instance we want to check!</p> </div> <div class="section" id="in-your-python-code"> <h3>In your python code<a class="headerlink" href="#in-your-python-code" title="Permalink to this headline">¶</a></h3> <div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">django.contrib.flatpages.models</span> <span class="kn">import</span> <span class="n">FlatPage</span>
<span class="kn">from</span> <span class="nn">myapp.permissions</span> <span class="kn">import</span> <span class="n">FlatPagePermission</span>

<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
    <span class="n">check</span> <span class="o">=</span> <span class="n">FlatPagePermission</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">user</span><span class="p">)</span>
    <span class="n">flatpage_object</span> <span class="o">=</span> <span class="n">FlatPage</span><span class="o">.</span><span class="n">objects</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="s">'/homepage/'</span><span class="p">)</span>
    <span class="c"># Pass the instance: the check applies to this one object</span>
    <span class="k">if</span> <span class="n">check</span><span class="o">.</span><span class="n">review_flatpage</span><span class="p">(</span><span class="n">flatpage_object</span><span class="p">):</span>
        <span class="k">print</span><span class="p">(</span><span class="s">"Yay, you can change *this* flatpage!"</span><span class="p">)</span>
</pre></div> </div> </div> <div class="section" id="using-the-view-decorator"> <h3>Using the view decorator<a class="headerlink" href="#using-the-view-decorator" title="Permalink to this headline">¶</a></h3> <div class="highlight-python"><pre>from django.contrib.flatpages.models import FlatPage
from authority.decorators import permission_required_or_403

@permission_required_or_403('flatpage_permission.review_flatpage',
                            (FlatPage, 'url__iexact', 'url')) # The flatpage_object
def my_view(request, url):
    # ...
    pass</pre> </div> <p>See <a class="reference external" href="check_decorator.html#check-decorator"><em>Check permissions using the decorator</em></a> how the decorator works in detail.</p> </div> <div class="section" id="in-your-templates"> <h3>In your templates<a class="headerlink" href="#in-your-templates" title="Permalink to this headline">¶</a></h3> <div class="highlight-python"><pre>{% ifhasperm "flatpage_permission.review_flatpage" request.user flatpage_object %}
    Yay, you can change *this* flatpage!
{% else %}
    Nope, sorry. You aren't allowed to change *this* flatpage.
{% endifhasperm %}</pre> </div> <p>See <a class="reference external" href="check_templates.html#check-templates"><em>Check permissions in templates</em></a> how the template tag works in detail.</p> </div> </div> </div> </div> </div> </div> <div class="clearer"></div> </div> <div class="footer"> © Copyright 2009, the django-authority team. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 0.6.3. </div> </body> </html>
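Added example, not part of the django-authority documentation or code base: a toy in-memory model of the lookup described under "Check per-object permissions" (the user holds the codename for exactly this object), using the review_flatpage codename form. The GrantStore class, the Obj tuple, the user names and the sample pages are assumptions made for illustration; the library's own storage is not shown on this page.

```python
# Added illustration: a toy in-memory model of the lookup, not django-authority code.
from collections import namedtuple

# A model instance is identified by model name AND primary key, so a grant on
# FlatPage #1 can never match some other model's row #1.
Obj = namedtuple("Obj", "model pk title")


def codename(check, obj):
    """'review' on a FlatPage -> 'review_flatpage' (check + '_' + model name)."""
    return "%s_%s" % (check, obj.model.lower())


class GrantStore:
    """Hypothetical store of per-object grants: (user, codename, model, pk)."""

    def __init__(self):
        self._rows = set()

    def grant(self, user, check, obj):
        self._rows.add((user, codename(check, obj), obj.model, obj.pk))

    def revoke(self, user, check, obj):
        self._rows.discard((user, codename(check, obj), obj.model, obj.pk))

    def has_perm(self, user, check, obj):
        # Default deny: no object, or no exact matching row, means no access.
        if obj is None:
            return False
        return (user, codename(check, obj), obj.model, obj.pk) in self._rows

    def allowed(self, user, check, objects):
        """Filter a list down to the objects this user holds the check for."""
        return [o for o in objects if self.has_perm(user, check, o)]


# Constructed sample data mirroring the N:N figure on this page.
events = Obj("FlatPage", 1, "Events")
contact = Obj("FlatPage", 2, "Contact")
about = Obj("FlatPage", 3, "About")
comment = Obj("Comment", 1, "same pk as Events, different model")

store = GrantStore()
store.grant("alice", "review", events)
store.grant("alice", "review", contact)
store.grant("bob", "publish", events)

if __name__ == "__main__":
    for user in ("alice", "bob"):
        for check in ("review", "publish"):
            hits = store.allowed(user, check, [events, contact, about, comment])
            print(user, check, [o.title for o in hits])
```
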