Base Django model to add access control, via groups, to objects.
Project description
What it does
django-group-access restricts access to records based on group membership. It does not manage finer grained permissions such as editing or deleting. If a user has access to a record, they have all permissions as defined by the django auth permissions.
Installation
Add ‘django_group_access’ to your INSTALLED_APPS in settings.py
Integration and use
Example: Installing to a single model and restricting access in a view
models.py
from django.db import models from django_group_access import registration
- class MyModel(models.Model):
name = models.CharField(max_length=24)
registration.register(MyModel)
MyModel will gain access_groups which is a ManyToManyField containing the groups that have access to each record.
MyModel will also gain ‘owner’ which is a ForeignKey to django.contrib.auth.models.User and is used to determine ownership of the record. To not use and ‘owner’ field, pass:
owner=False
to the call to register().
views.py
- def my_view(request):
records = MyModel.objects.accessible_by_user(request.user)
All related fields and reverse relationships for model instances in records will be filtered for the same user automatically.
Access to “parent” records can be determined by access the user has to “child” records. In the following example, if you have access to a Room you have access to the House it appears in.
from django.db import models from django_group_access import registration
- class House(models.Model):
address = models.CharField(max_length=128)
- class Room(models.Model):
house = models.ForeignKey(House) name = models.CharField(max_length=32)
registration.register(Room) registration.register(House, control_relation=’room’)
houses = House.objects.accessible_by_user(user_object)
The group model used for access control is AccessGroup. This is separate from the django auth Group for flexbility.
Public record mode
If you want to have all data public by default, and use the access groups to restrict access to individual records add the following to settings.py
DGA_UNSHARED_RECORDS_ARE_PUBLIC = True
Automatically restricting based on logged in user
Add ‘django_group_access.middleware.DjangoGroupAccessMiddleware’ to the MIDDLEWARE_CLASSES in settings.py. All access controlled models will be filtered based on the currently logged in user, meaning you do not have to call ‘accessible_by_user’ in your code. Anonymous users will see no records.
The middleware must be come after the AuthenticationMiddleware in the list of MIDDLEWARE_CLASSES.
Registering a model with ‘auto_filter=False’ will stop the automatic filtering for that model, meaning you will have to do it manually using ‘accessible_by_user’ in your code.
Access to unrestricted records
Registering a model with the option ‘unrestricted_manager=”manager_name”’ will create a manager on that model with unrestricted access to all records, even if you are using the automatic restriction based on the logged in user.
Example:
registration.register(MyModel, unrestricted_manager=’all_objects’)
all_records = MyModel.all_objects.all()
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file django-group-access-1.1.9.tar.gz
.
File metadata
- Download URL: django-group-access-1.1.9.tar.gz
- Upload date:
- Size: 16.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0ef2dd42fdf256634856cd1047d0dfd204cca76b18c408c974db238a8a513788 |
|
MD5 | e1a7fed514a71ad59c55ed6b7814f5f5 |
|
BLAKE2b-256 | d34f56ad1961670b2a1c851945c4b7f9e395b65e010cf82c1398c1c2bd366f4b |