Configuration¶
There are two modes of usage the library:
- As a mixins that provide you a set of features.
- Application that autodiscover your objects permissions to apply them to your _Django_ application.
As third party application¶
First of all you should add django_object_authority to you INSTALLED_APPS settings.
INSTALLED_APPS = (
...
'django_object_authority',
)
Is needed override AUTHENTICATION_BACKENDS setting to add ObjectAuthorityBackend.
AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.ModelBackend',
'django_object_authority.backends.ObjectAuthorityBackend',
]
For each model you want to custom the permission level is needed define a authorizations.py file and register the permission class.
@register(MyModel)
class MyModelAuthority(BaseUserObjectAuthorization):
def has_add_permission(self, user, obj):
return obj.owner == user
If you don’t override all BaseUserObjectAuthorization defined methods. The default behaviour is defined as a setting variable [Settings section].
BaseObjectAuthorization only implements has_object_permission method which check the object permission as default resource.
As mixins¶
You can use it only installing the package [Installation section] and include the mixin in your views.
from django.views.generic import ListView
from django_object_authority.mixins import AuthorizationMixin
class MyListView(AuthorizationMixin, ListView):
...
authorization_filter_class = MyAuthorityFilter
...