Skip to content

Releases: mesemus/django-rest-delegated-permissions

Support for custom getter of delegated objects

01 Jun 04:53
@mesemus mesemus
1.1.0
f920af6
Compare
Choose a tag to compare
Support for custom getter of delegated objects Latest
Latest

This getter is usable for checking permissions of "create" methods, especially in combination with rest_framework_nested.

Real world example

In the example below, EducationAreaViewSet is nested inside the StudyProgrammeViewSet (study programme has many education areas). The url of the EducationAreaViewSet is:

/programmes/<programme_pk>/education-areas/...

We want all operations on EducationArea to be checked against the containing StudyProgramme.
To differentiate the actions (such as update) on EducationArea and on StudyProgramme in permission handlers defined on StudyProgramme we map all operations on EducationArea to a virtual 'edit_education_area' action and send this to StudyProgramme permissions instead. The mapping parameter can be a dict if one needs to differentiate the actions.

from rest_delegated_permissions import DelegatedPermission, kwargs_delegated_object_getter
from rest_framework_nested import routers
from angular_dynamic_forms import AngularFormMixin, autocomplete, AutoCompleteMixin

@perms.apply(permissions=[
    DelegatedPermission(perms, 'programmes', mapping='edit_education_area',
                        delegated_objects_getter=kwargs_delegated_object_getter(
                            {'programmes': 'programme_pk'}
                        )),
])
class EducationAreaViewSet(AutoCompleteMixin, AngularFormMixin, viewsets.ModelViewSet):
    # its 'programmes' m2m point to StudyProgramme model
    model = EducationArea     
    serializer_class = EducationAreaSerializer
    ...

@perms.apply(permissions=[
    OpenIDPermission('http://vscht.cz/openid#permission-studyprogrammes-edit',
                     perms={..., 'edit_education_area', ...}),
    OwnerPermission(owner_username_path='studyprogrammepersonrole__person__user__username',
                    extra_filter=Q(studyprogrammepersonrole__role__in=(
                            StudyProgrammePersonRole.GUARANTEE,
                            StudyProgrammePersonRole.COOPERATING
                    )),
                    perms={... 'edit_education_area' ...})
    AuthenticatedReadPermission()
])
class StudyProgrammeViewSet(...)
...

programmes_router = DefaultRouter()
programmes_router.register(r'programmes', StudyProgrammeViewSet)

education_area_router = routers.NestedSimpleRouter(programmes_router,
    r'accreditations/study_programme/programmes', lookup='programme')
education_area_router.register(r'education-areas', EducationAreaViewSet,
    base_name='study-programmes-education-areas')
Assets 2
Loading

Reusing queryset

22 Nov 12:18
@mesemus mesemus
0.5.5.1
8dbbd7d
Compare
Choose a tag to compare
Reusing queryset

Reusing queryset if it is declared on a viewset

Assets 2
Loading

initial release to pypi

20 Nov 18:09
@mesemus mesemus
0.5.5
e132b68
Compare
Choose a tag to compare
initial release to pypi 
Merge branch 'master' of github.com:mesemus/django-rest-delegated-per…

…missions
Assets 2
Loading