Chuck Harmstron, Thanks for the warm welcome and the good advice. I saw that row-level permissions came out with 1.2, but I wasn't sure exactly what it was so thank you for the clarification. While I try and figure it out for my site I will move any questions about how to implement it over to django-users. Thanks again for the references, they really help.
Since the backend is already done for managing row level permissions, what if there was a way to manage some of the simple ones from the admin. Just like you can create groups and users I think it would be useful to have a tool to add row level permissions to groups. This would be really useful for the project I am working on. If the community feels the same way I could start preparing now so I can apply for GSoC on this feature later this year. I know GSoC is a little down the road but I thought if I got started working with Django earilier I would have a greater chance of getting accepted. Has something like this already been planned? Thanks, Hancock On Sat, Dec 18, 2010 at 11:57 PM, Chuck Harmston <[email protected]>wrote: > Hi James, > > Welcome to Django! > > The terminology that you're looking for is either "row-level permissions" > or "object permissions." At a simple level, it allows you to define methods > that return a boolean indicating whether the user should be able to > add/view/change/delete the object. Fortunately this is already built into > Django (as of 1.2), so we're veering into django-users territory. There are > two ways to go about it: > > 1. contrib.admin.ModelAdmin has three methods that implement this > functionality within contrib.admin: has_add_permission() [1], > has_change_permission() [2], and has_delete_permission() [3]. You can > easily > override these methods (which are passed the request and object) in the > subclass, though you may want to incorporate a super() call to preserve the > default permissions [4] behavior. > 2. You can also handle this at the authentication backend level. This > is enabled by creating a custom backend with the > supports_object_permissions > property set to True. When this is True, > backend.get_group_permissions(), backend.has_perm(), > and backend.get_all_permissions() are passed additional parameters (the > User > object and object in question). Your custom backend should override these > functions to provide the default behavior. This is detailed in the docs [5] > and contrib.auth code [6]. > > You can take this an additional level and add field-level permissions—that > is, controlled access to specific fields on models—to contrib.admin [7]. > > Hope this helps! > > Chuck > > > [1] > http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L301 > [2] > http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L306 > [3] > http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/options.py#L317 > [4] http://docs.djangoproject.com/en/dev/topics/auth/#permissions > <http://docs.djangoproject.com/en/dev/topics/auth/#permissions>[5] > http://docs.djangoproject.com/en/dev/topics/auth/#handling-object-permissions > <http://docs.djangoproject.com/en/dev/topics/auth/#handling-object-permissions> > [6a] > http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/backends.py > [6b] > http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/models.py > [7] https://github.com/chuckharmston/django-fieldlevel-permissions > > On Sat, Dec 18, 2010 at 3:05 AM, James Hancock <[email protected]>wrote: > >> Django Developers, >> >> This is my first post on Django-dev, so I thought I would start with a >> short introduction. >> >> My name is James Hancock, and I love python. Right now I live in >> Japan, and am developing an application for managing volunteer english >> classes throughout the country. (You can see the site at www.goeigo.org.) >> Obviously, the development is done in Django. As I have been >> developing the site I have really wished that Django would have one >> feature. >> >> Being able to grant permission to view, update, and create objects >> based on a subset of the models, rather than giving access to all of >> them. I don't know if this is correct terminology, but I like to think >> of it as adding rules to the permissions. So a teacher has permissions >> to see students, but only on the rule that they are signed up for his >> class. This would really help my project and I think that it would >> help others as well. >> >> I have a lot of time this summer to really get into coding when I get >> back to the States, and I was thinking about submitting the idea for a >> Google Summer of Code project. >> >> My questions are. >> >> 1. What Experience would I need in order to tackle a feature like >> this? >> >> 2. What is the general feel about the inclusion of a feature like >> this? >> >> Cheers, >> James Hancock >> >> @Andrew Ball >> I saw you posted something about this a while back and said you have a >> home grown system to manage this. What kind of functionality has >> worked for you? I would be very interested to hear how it has worked >> in the real world for you. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Django developers" group. >> To post to this group, send email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<django-developers%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/django-developers?hl=en. >> >> > > > -- > * > Chuck Harmston > * > [email protected] > http://chuckharmston.com > > -- > You received this message because you are subscribed to the Google Groups > "Django developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<django-developers%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/django-developers?hl=en. > -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
