<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Create a per-object permission — django-authority v0.4dev documentation</title>
<link rel="stylesheet" href="_static/nature.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: '',
VERSION: '0.4dev',
COLLAPSE_MODINDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="shortcut icon" href="_static/favicon.png"/>
<link rel="top" title="django-authority v0.4dev documentation" href="index.html" />
<link rel="next" title="Create a custom permission" href="create_custom_permission.html" />
<link rel="prev" title="Create a basic permission" href="create_basic_permission.html" />
</head>
<body>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="create_custom_permission.html" title="Create a custom permission"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="create_basic_permission.html" title="Create a basic permission"
accesskey="P">previous</a> |</li>
<li><a href="index.html">django-authority v0.4dev documentation</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body">
<div class="section" id="create-a-per-object-permission">
<span id="create-per-object-permission"></span><h1>Create a per-object permission<a class="headerlink" href="#create-a-per-object-permission" title="Permalink to this headline">¶</a></h1>
<p>django-authority provides a super simple but nifty feature called <em>per-object
permission</em>. A description would be:</p>
<div class="highlight-python"><pre>Attach a <codename> to an object
Attach a <codename> to an user
If the user has <codename> and the object has <codename> then do-something,
otherwise do-something-else.</pre>
</div>
<p>This might sound strange but let’s have a closer look on this pattern.
In terms of users and flatpages a visual example would be:</p>
<img alt="_images/authority-object-1to1.png" src="_images/authority-object-1to1.png" />
<p><em>The user is allowed to review the flatpage “Events”.</em></p>
<p>You are not limited to a 1:1 relation, you can add this <tt class="docutils literal"><span class="pre">codename</span></tt> to
multiple objects:</p>
<img alt="_images/authority-object-1toN.png" src="_images/authority-object-1toN.png" />
<p><em>The user is allowed to review the flatpages “Events” and “Contact”.</em></p>
<p>And you can do this with any objects in any direction:</p>
<img alt="_images/authority-object-NtoN.png" src="_images/authority-object-NtoN.png" />
<p><em>The user is allowed to review the flatpages “Events” and “Contact”. Another
user is allowed to publish the flatpage “Events”.</em></p>
<div class="section" id="create-per-object-permissions">
<h2>Create per-object permissions<a class="headerlink" href="#create-per-object-permissions" title="Permalink to this headline">¶</a></h2>
<p>Creating per-object permissions is super simple. See this piece of permission
class code:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="k">class</span> <span class="nc">FlatPagePermission</span><span class="p">(</span><span class="n">BasePermission</span><span class="p">):</span>
<span class="n">label</span> <span class="o">=</span> <span class="s">'flatpage_permission'</span>
<span class="n">checks</span> <span class="o">=</span> <span class="p">(</span><span class="s">'review'</span><span class="p">,)</span>
<span class="n">authority</span><span class="o">.</span><span class="n">register</span><span class="p">(</span><span class="n">FlatPage</span><span class="p">,</span> <span class="n">FlatPagePermission</span><span class="p">)</span>
</pre></div>
</div>
<p>This permission class is similar to the one we already created in
<a class="reference external" href="create_basic_permission.html#create-basic-permission"><em>Create a basic permission</em></a> but we added the line:</p>
<div class="highlight-python"><div class="highlight"><pre><span class="n">checks</span> <span class="o">=</span> <span class="p">(</span><span class="s">'review'</span><span class="p">,)</span>
</pre></div>
</div>
<p>This tells the permission class that it has a permission check (or <tt class="docutils literal"><span class="pre">codename</span></tt>)
<tt class="docutils literal"><span class="pre">review</span></tt>. Under the hood this check gets translated to <tt class="docutils literal"><span class="pre">review_flatpage</span></tt>
(<tt class="docutils literal"><span class="pre">review_<modelname></span></tt>).</p>
<div class="admonition important">
<p class="first admonition-title">Important</p>
<p class="last">Be sure that you have understand that we have not written any
line of code yet. We just added the <tt class="docutils literal"><span class="pre">codename</span></tt> to the checks attribute.</p>
</div>
</div>
<div class="section" id="attach-per-object-permissions-to-objects">
<h2>Attach per-object permissions to objects<a class="headerlink" href="#attach-per-object-permissions-to-objects" title="Permalink to this headline">¶</a></h2>
<p>Please see <a class="reference external" href="handling_admin.html#handling-admin"><em>Handling permissions using Django’s admin interface</em></a> for this.</p>
</div>
<div class="section" id="check-per-object-permissions">
<h2>Check per-object permissions<a class="headerlink" href="#check-per-object-permissions" title="Permalink to this headline">¶</a></h2>
<p>As we noted above, we have not written any permission comparing code yet. This
is your work. In theory the permission lookup for per-object permissions is:</p>
<div class="highlight-python"><pre>if <theuser> has <codename> and <object> has <codename>:
return True
else:
return False</pre>
</div>
<div class="admonition important">
<p class="first admonition-title">Important</p>
<p class="last">The syntax is similiar to the permission checks we’ve already
seen in <a class="reference external" href="create_basic_permission.html#create-basic-permission"><em>Create a basic permission</em></a> for the basic permissions but now
we have to pass each function a model instance we want to check!</p>
</div>
<div class="section" id="in-your-python-code">
<h3>In your python code<a class="headerlink" href="#in-your-python-code" title="Permalink to this headline">¶</a></h3>
<div class="highlight-python"><div class="highlight"><pre><span class="kn">from</span> <span class="nn">myapp.permissions</span> <span class="kn">import</span> <span class="n">FlatPagePermission</span>
<span class="k">def</span> <span class="nf">my_view</span><span class="p">(</span><span class="n">request</span><span class="p">):</span>
<span class="n">check</span> <span class="o">=</span> <span class="n">FlatPagePermission</span><span class="p">(</span><span class="n">request</span><span class="o">.</span><span class="n">user</span><span class="p">)</span>
<span class="n">flatpage_object</span> <span class="o">=</span> <span class="n">Flatpage</span><span class="o">.</span><span class="n">objects</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="n">url</span><span class="o">=</span><span class="s">'/homepage/'</span><span class="p">)</span>
<span class="k">if</span> <span class="n">check</span><span class="o">.</span><span class="n">review_flatpage</span><span class="p">(</span><span class="n">flatpage_object</span><span class="p">):</span>
<span class="k">print</span> <span class="s">"Yay, you can change *this* flatpage!"</span>
</pre></div>
</div>
</div>
<div class="section" id="using-the-view-decorator">
<h3>Using the view decorator<a class="headerlink" href="#using-the-view-decorator" title="Permalink to this headline">¶</a></h3>
<div class="highlight-python"><pre>from django.contrib.auth import Flatpage
from authority.decorators import permission_required_or_403
@permission_required_or_403('flatpage_permission.review_flatpage',
(Flatpage, 'url__iexact', 'url')) # The flatpage_object
def my_view(request, url):
# ...</pre>
</div>
<p>See <a class="reference external" href="check_decorator.html#check-decorator"><em>Check permissions using the decorator</em></a> how the decorator works in detail.</p>
</div>
<div class="section" id="in-your-templates">
<h3>In your templates<a class="headerlink" href="#in-your-templates" title="Permalink to this headline">¶</a></h3>
<div class="highlight-python"><pre>{% ifhasperm "flatpage_permission.review_flatpage" request.user flatpage_object %}
Yay, you can change *this* flatpage!
{% else %}
Nope, sorry. You aren't allowed to change *this* flatpage.
{% endifhasperm %}</pre>
</div>
<p>See <a class="reference external" href="check_templates.html#check-templates"><em>Check permissions in templates</em></a> how the template tag works in detail.</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="sphinxsidebar">
<div class="sphinxsidebarwrapper">
<p class="logo"><a href="index.html">
<img class="logo" src="_static/logo.png" alt="Logo"/>
</a></p>
<h3><a href="index.html">Table Of Contents</a></h3>
<ul>
<li><a class="reference external" href="">Create a per-object permission</a><ul>
<li><a class="reference external" href="#create-per-object-permissions">Create per-object permissions</a></li>
<li><a class="reference external" href="#attach-per-object-permissions-to-objects">Attach per-object permissions to objects</a></li>
<li><a class="reference external" href="#check-per-object-permissions">Check per-object permissions</a><ul>
<li><a class="reference external" href="#in-your-python-code">In your python code</a></li>
<li><a class="reference external" href="#using-the-view-decorator">Using the view decorator</a></li>
<li><a class="reference external" href="#in-your-templates">In your templates</a></li>
</ul>
</li>
</ul>
</li>
</ul>
<h4>Previous topic</h4>
<p class="topless"><a href="create_basic_permission.html"
title="previous chapter">Create a basic permission</a></p>
<h4>Next topic</h4>
<p class="topless"><a href="create_custom_permission.html"
title="next chapter">Create a custom permission</a></p>
<div id="searchbox" style="display: none">
<h3>Quick search</h3>
<form class="search" action="search.html" method="get">
<input type="text" name="q" size="18" />
<input type="submit" value="Go" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
<p class="searchtip" style="font-size: 90%">
Enter search terms or a module, class or function name.
</p>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
>index</a></li>
<li class="right" >
<a href="create_custom_permission.html" title="Create a custom permission"
>next</a> |</li>
<li class="right" >
<a href="create_basic_permission.html" title="Create a basic permission"
>previous</a> |</li>
<li><a href="index.html">django-authority v0.4dev documentation</a> »</li>
</ul>
</div>
<div class="footer">
© Copyright 2009, the django-authority team.
Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 0.6.3.
</div>
</body>
</html>
