I developed https://bitbucket.org/mhall119/django-extauth/wiki/Home to accomplish this same kind of scenario, it can either be used as a Django 1.2 backend with support for object/row level permissions, or using it's own API on earlier versions of Django.
-- Michael <[email protected]> On Sat, 2010-12-18 at 08:57 -0600, Chuck Harmston wrote: > Hi James, > > > Welcome to Django! > > > The terminology that you're looking for is either "row-level > permissions" or "object permissions." At a simple level, it allows you > to define methods that return a boolean indicating whether the user > should be able to add/view/change/delete the object. Fortunately this > is already built into Django (as of 1.2), so we're veering into > django-users territory. There are two ways to go about it: > 1. contrib.admin.ModelAdmin has three methods that implement this > functionality within contrib.admin: has_add_permission() [1], > has_change_permission() [2], and has_delete_permission() [3]. > You can easily override these methods (which are passed the > request and object) in the subclass, though you may want to > incorporate a super() call to preserve the default permissions > [4] behavior. > 2. You can also handle this at the authentication backend level. > This is enabled by creating a custom backend with the > supports_object_permissions property set to True. When this is > True, backend.get_group_permissions(), backend.has_perm(), > and backend.get_all_permissions() are passed additional > parameters (the User object and object in question). Your > custom backend should override these functions to provide the > default behavior. This is detailed in the docs [5] and > contrib.auth code [6]. > You can take this an additional level and add field-level permissions— > that is, controlled access to specific fields on models—to > contrib.admin [7]. > > > Hope this helps! > > > Chuck > > > > > [1] > http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L301 > [2] > http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L306 > [3] > http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L317 > [4] http://docs.djangoproject.com/en/dev/topics/auth/#permissions > [5] > http://docs.djangoproject.com/en/dev/topics/auth/#handling-object-permissions > [6a] > http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/backends.py > [6b] > http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py > [7] https://github.com/chuckharmston/django-fieldlevel-permissions > > On Sat, Dec 18, 2010 at 3:05 AM, James Hancock <[email protected]> > wrote: > Django Developers, > > This is my first post on Django-dev, so I thought I would > start with a > short introduction. > > My name is James Hancock, and I love python. Right now I live > in > Japan, and am developing an application for managing volunteer > english > classes throughout the country. (You can see the site at > www.goeigo.org.) > Obviously, the development is done in Django. As I have been > developing the site I have really wished that Django would > have one > feature. > > Being able to grant permission to view, update, and create > objects > based on a subset of the models, rather than giving access to > all of > them. I don't know if this is correct terminology, but I like > to think > of it as adding rules to the permissions. So a teacher has > permissions > to see students, but only on the rule that they are signed up > for his > class. This would really help my project and I think that it > would > help others as well. > > I have a lot of time this summer to really get into coding > when I get > back to the States, and I was thinking about submitting the > idea for a > Google Summer of Code project. > > My questions are. > > 1. What Experience would I need in order to tackle a feature > like > this? > > 2. What is the general feel about the inclusion of a feature > like > this? > > Cheers, > James Hancock > > @Andrew Ball > I saw you posted something about this a while back and said > you have a > home grown system to manage this. What kind of functionality > has > worked for you? I would be very interested to hear how it has > worked > in the real world for you. > > -- > You received this message because you are subscribed to the > Google Groups "Django developers" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en. > > > > > -- > Chuck Harmston > [email protected] > http://chuckharmston.com > > > > -- > You received this message because you are subscribed to the Google > Groups "Django developers" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to django-developers > [email protected]. > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en. -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
