Hi James, Welcome to Django!
The terminology that you're looking for is either "row-level permissions" or "object permissions." At a simple level, it allows you to define methods that return a boolean indicating whether the user should be able to add/view/change/delete the object. Fortunately this is already built into Django (as of 1.2), so we're veering into django-users territory. There are two ways to go about it:

1. contrib.admin.ModelAdmin has three methods that implement this functionality within contrib.admin: has_add_permission() [1], has_change_permission() [2], and has_delete_permission() [3]. You can easily override these methods (which are passed the request and object) in the subclass, though you may want to incorporate a super() call to preserve the default permissions [4] behavior.

2. You can also handle this at the authentication backend level. This is enabled by creating a custom backend with the supports_object_permissions property set to True. When this is True, backend.get_group_permissions(), backend.has_perm(), and backend.get_all_permissions() are passed additional parameters (the User object and object in question). Your custom backend should override these functions to provide the default behavior. This is detailed in the docs [5] and contrib.auth code [6].

You can take this an additional level and add field-level permissions—that is, controlled access to specific fields on models—to contrib.admin [7].

Hope this helps!
Chuck

[1] http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L301
[2] http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L306
[3] http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L317
[4] http://docs.djangoproject.com/en/dev/topics/auth/#permissions
[5] http://docs.djangoproject.com/en/dev/topics/auth/#handling-object-permissions
[6a] http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/backends.py
[6b] http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py
[7] https://github.com/chuckharmston/django-fieldlevel-permissions

On Sat, Dec 18, 2010 at 3:05 AM, James Hancock <[email protected]> wrote:
> Django Developers,
>
> This is my first post on Django-dev, so I thought I would start with a short introduction.
>
> My name is James Hancock, and I love Python. Right now I live in Japan, and am developing an application for managing volunteer English classes throughout the country. (You can see the site at www.goeigo.org.) Obviously, the development is done in Django. As I have been developing the site I have really wished that Django would have one feature.
>
> Being able to grant permission to view, update, and create objects based on a subset of the models, rather than giving access to all of them. I don't know if this is correct terminology, but I like to think of it as adding rules to the permissions. So a teacher has permissions to see students, but only on the rule that they are signed up for his class. This would really help my project and I think that it would help others as well.
>
> I have a lot of time this summer to really get into coding when I get back to the States, and I was thinking about submitting the idea for a Google Summer of Code project.
>
> My questions are.
>
> 1. What experience would I need in order to tackle a feature like this?
>
> 2. What is the general feel about the inclusion of a feature like this?
>
> Cheers,
> James Hancock
>
> @Andrew Ball
> I saw you posted something about this a while back and said you have a home grown system to manage this. What kind of functionality has worked for you? I would be very interested to hear how it has worked in the real world for you.
>
> --
> You received this message because you are subscribed to the Google Groups "Django developers" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to [email protected].
> For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.

--
Chuck Harmston
[email protected]
http://chuckharmston.com
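
The teacher-and-students rule from James's question, written in the shape of the second approach in the reply above (a backend with supports_object_permissions set to True). This is an added example, not code from the thread or from Django; it runs without Django installed, and Student, Teacher, the class ids and the "school.change_student" permission name are assumptions.

```python
# Added example: plain-Python sketch of an object-permission auth backend.
# Student, Teacher and "school.change_student" are hypothetical names.

class Student:
    def __init__(self, name, class_ids):
        self.name = name
        self.class_ids = frozenset(class_ids)


class Teacher:
    """Stand-in for a User object; only the attributes the backend reads."""
    def __init__(self, username, taught_class_ids, is_active=True):
        self.username = username
        self.taught_class_ids = frozenset(taught_class_ids)
        self.is_active = is_active


class ClassRosterBackend:
    # Asks contrib.auth (Django 1.2) to pass the object through to has_perm().
    supports_object_permissions = True
    RULED_PERMS = frozenset({"school.change_student"})

    def authenticate(self, **credentials):
        return None  # authorization only; another backend handles login

    def has_perm(self, user_obj, perm, obj=None):
        if not getattr(user_obj, "is_active", False):
            return False  # disabled accounts get nothing
        if perm not in self.RULED_PERMS:
            return False  # permissions this backend has no rule for
        if obj is None:
            return False  # no object given: never grant access to every row
        if not isinstance(obj, Student):
            return False  # the rule only covers Student rows
        taught = getattr(user_obj, "taught_class_ids", frozenset())
        return bool(taught & obj.class_ids)  # shares at least one class


def visible_students(backend, user_obj, students, perm="school.change_student"):
    """Filter a roster down to the rows the rule allows for this user."""
    return [s.name for s in students if backend.has_perm(user_obj, perm, s)]


# Constructed sample data.
ROSTER = [Student("aiko", {"mon-1"}), Student("ben", {"tue-2"}),
          Student("chie", {"mon-1", "tue-2"}), Student("dai", set())]
MR_SATO = Teacher("sato", {"mon-1"})
```

Django grants a permission as soon as any configured backend returns True, which is why this backend denies by default and returns False when no object is passed.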
