The license is a 3-clause BSD style license, it's compatible with Django's license as far as I know.
On Sep 30, 1:55 pm, Miguel Araujo <muchoch...@gmail.com> wrote: > Hi Michael, > > I have been looking at your project, django.extauth and I have to say I > really like its architecture and permission handling. I have to say that my > rule system is kind of the same thing of your role system, except mine is > less flexible. I'm going to look a little bit the code, install it and see > if I can help you with anything. > > Only thing that cached my eye is that code is Copyrighted. Why not using an > Open-source license? > > Thanks for your mail, regards > Miguel Araujo > > 2010/9/30 mhall119 <mhall...@gmail.com> > > > > > I've recently open-sourced some code that I developed for my work > > projects that may do at least part of what you need: > >http://bitbucket.org/mhall119/django-extauth/wiki/Home > > > The basic idea is that you define a "role" that is a relationship > > between a user and an instance of a given Model. With your example, > > you would created an "owner" role for your model, that somehow links > > the user instance to the model instance. Usually you do this directly > > via a ForeignKey in your model, but they can be as complex as you want > > them to be. > > > On Sep 30, 9:50 am, Miguel Araujo <muchoch...@gmail.com> wrote: > > > Hi everyone, > > > > I have been recently thinking about an object permission system. After > > > reviewing Florian Apolloner (apollo13) patch for ticket > > > #11010<http://code.djangoproject.com/ticket/11010> and > > > reading his article at Django > > > Advent<http://djangoadvent.com/1.2/object-permissions/>. > > > I though about creating an Object Permission Rule Backend. The purpose of > > > this message is explain you my idea, so I can receive feedback from > > Django > > > users and developers. This way I would like to discern if it's worth > > coding > > > it or if it's a good approach to a reusable solution. > > > > I will reuse apollo's code to elaborate my idea. My Backend would look > > > similar to: > > > > class ObjectPermBackend(object): > > > supports_object_permissions = True > > > supports_anonymous_user = True > > > > def authenticate(self, username, password): > > > return None > > > > def has_perm(self, user_obj, perm, obj=None): > > > if not user_obj.is_authenticated(): > > > user_obj = User.objects.get(pk=settings.ANONYMOUS_USER_ID) > > > > if obj is None: > > > return False > > > > ct = ContentType.objects.get_for_model(obj) > > > > try: > > > perm = perm.split('.')[-1].split('_')[0] > > > except IndexError: > > > return False > > > > # Simplified rule system > > > # Of course objects should extend an interface > > > if (perm == "ownage") > > > return obj.is_owned_by(user_obj) > > > > elif (perm == "edit") > > > return obj.can_be_edited_by(user_obj) > > > > # Here be Dragons > > > > As I love decorators, I would like to create a permission_required > > decorator > > > that accepted more than a parameter, so: > > > > @permission_required('app.code_name') would > > > become @permission_required('app.code_name', FLAG) > > > > If the FLAG is set the decorator searches in the model associated to the > > > content type of the permission, for the name of the field for the PK. For > > > the example imagine idArticle. Now it instantiates an object of that > > model > > > with Model.objects.get(pk=request.idArticle). So it would be necessary to > > > match request parameters to model fileds (This is the best idea I've come > > up > > > with). Once it has the right object, it passes it to the backend for > > > permission checks. > > > > I know I could do a decorator like @own_article but I'm looking for a > > more > > > reusable solution, that I would make open source and release at Github. > > > > What do you think? Is it feasible and well laid out? > > > > Thanks, best regards > > > Miguel Araujo > > > -- > > You received this message because you are subscribed to the Google Groups > > "Django users" group. > > To post to this group, send email to django-us...@googlegroups.com. > > To unsubscribe from this group, send email to > > django-users+unsubscr...@googlegroups.com<django-users%2bunsubscr...@google > > groups.com> > > . > > For more options, visit this group at > >http://groups.google.com/group/django-users?hl=en. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
