On Fri, 2009-01-16 at 21:14 -0800, frankabel wrote: > Hi all, > > I'm newbie in Django so probably this is just a stupid error. After > read a lot of doc can't figure out how access a specific permission to > check it.
Custom permission stuff is fairly poorly documented at the moment. The information is kind of there, but we don't have any example fragments and it keeps talking about application permissions when they're specified on models without explaining why. It'd definitely a bit confusing (and one day we'll improve it). > > I wrote some model with a custom permission: > > # In test_app/models.py > def SomeModel(models.Model): > ... > class Meta: > Permissions( > 'custom_permission', 'Short Description.' > ) Firstly, that's not how you specify custom permissions. In fact, I'm surprised that doesn't raise some kind of error in Python. Have a look at http://docs.djangoproject.com/en/dev/ref/models/options/#permissions The syntax inside the Meta inner class is permissions = <sequence of two-element sequences> so a list of tuples or a tuple of tuples or a list of lists. But the "permissions = " bit is very important. You have to assign to the Meta.permissions attribute. Secondly, although permissions are specified on a model, they are actually stored on a per-application basis. So you should make sure that each custom permission you create is unique within that particular application. You then query if a user has that permission like this: if user.has_perm('testapp.custom_permission'): # ... That is, you pass a string to has_perm() which is the application name followed by the permission name. However, that isn't quite the full story. The above is how it works with Django's default authentication backend (and it's the contrib.auth application that actually does the permission checking). Other auth backends can implement what they accept as an argument to has_perm() in whatever way they choose. So in some case, you might well be passing in an object there. But that's slightly more advanced usage and only comes into play if you're using a custom authentication backend that provides its own permission handling code. As a general rule, the above (passing a string of <app_name>.<permission_name> to has_perm()) is all you'll need to remember. Regards, Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
