Skip to main content

Base Django model to add access control, via groups, to objects.

Project description

What it does

django-group-access restricts access to records based on group membership. It does not manage finer grained permissions such as editing or deleting. If a user has access to a record, they have all permissions as defined by the django auth permissions.

Installation

Add ‘django_group_access’ to your INSTALLED_APPS in settings.py

Integration and use

Example: Installing to a single model and restricting access in a view

models.py

from django.db import models from django_group_access import registration

class MyModel(models.Model):

name = models.CharField(max_length=24)

registration.register(MyModel)

MyModel will gain access_groups which is a ManyToManyField containing the groups that have access to each record.

views.py

def my_view(request):

records = MyModel.objects.accessible_by_user(request.user)

All related fields and reverse relationships for model instances in records will be filtered for the same user automatically.

Access to “parent” records can be determined by access the user has to “child” records. In the following example, if you have access to a Room you have access to the House it appears in.

from django.db import models from django_group_access import registration

class House(models.Model):

address = models.CharField(max_length=128)

class Room(models.Model):

house = models.ForeignKey(House) name = models.CharField(max_length=32)

registration.register(Room) registration.register(House, control_relation=’room’)

houses = House.objects.accessible_by_user(user_object)

The group model used for access control is AccessGroup. This is separate from the django auth Group for flexbility.

Sharing records

obj = MyModel.objects.accessible_by_user(user_object)[0] group_i_want_to_share_with = AccessGroup.objects.get(name=’Friends’)

obj.access_groups.add(group_i_want_to_share_with)

obj would then become visible to members of the ‘Friends’ AccessGroup.

For ease of sharing data between groups, AccessGroup has a property called auto_share_groups. This is a list of AccessGroups that records owned by the group will automatically be shared with.

Automatically restricting based on logged in user

Add ‘django_group_access.middleware.DjangoGroupAccessMiddleware’ to the MIDDLEWARE_CLASSES in settings.py. All access controlled models will be filtered based on the currently logged in user, meaning you do not have to call ‘accessible_by_user’ in your code. Anonymous users will see no records.

The middleware must be come after the AuthenticationMiddleware in the list of MIDDLEWARE_CLASSES.

Registering a model with ‘auto_filter=False’ will stop the automatic filtering for that model, meaning you will have to do it manually using ‘accessible_by_user’ in your code.

Access to unrestricted records

Registering a model with the option ‘unrestricted_manager=”manager_name”’ will create a manager on that model with unrestricted access to all records, even if you are using the automatic restriction based on the logged in user.

Example:

registration.register(MyModel, unrestricted_manager=’all_objects’)

all_records = MyModel.all_objects.all()

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-group-access-1.0.0.tar.gz (12.9 kB view details)

Uploaded Source

File details

Details for the file django-group-access-1.0.0.tar.gz.

File metadata

File hashes

Hashes for django-group-access-1.0.0.tar.gz
Algorithm Hash digest
SHA256 e0b407c98a23c7b4437c2d83f9f74e217a3aea84d7adaf983d29281509637f29
MD5 c3e2a7af0b5b7fff9efe8eb5af212dce
BLAKE2b-256 490b6337197a60921d08bece28362ae68cbc88e85adf3cb700b2d9c0f0fbdcd7

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page