The entire DIP permissions system works based on roles. In other words, if you want to have permissions between a user and a certain object, you need to define a role for this relationship.
Creating your first Role class¶
First, supose that you have the following model in your
# myapp/models.py from django.db import models class Book(models.Model): title = models.CharField(max_length=256) content = models.TextField(max_length=1000) class Meta: permissions = ( ('read_book', 'Can Read Book'), ('review_book', 'Can Review Book') )
Notice that the permission statements inside models is exactly like the Django
Now, create a new file inside of any app of your project named
roles.py and implement as follows:
# myapp/roles.py from improved_permissions.roles import Role from myapp.models import Book class Author(Role): verbose_name = "Author" models = [Book] deny = ['myapp.review_book'] class Reviewer(Role): verbose_name = "Reviewer" models = [Book] allow = ['myapp.review_book']
Ready! You can now use the DIP functions to assign, remove, and check permissions.
Every time your project starts, we use an
autodiscover in order to validate and register your Role classes automatically. So, don’t worry about to do anything else.
Using the first shortcuts¶
Once you implement the role classes, you are ready to use our shortcuts. For example, let’s create a
Book object and an
Author role for a user:
from django.contrib.auth.models import User from improved_permissions.shortcuts import assign_role, has_permission, has_role from myapp.models import Book from myapp.roles import Author, Reviewer john = User.objects.get(pk=1) book = Book.objects.create(title='Nice Book', content='Such content.') has_role(john, Author, book) >>> False has_permission(john, 'myapp.read_book', book) >>> False assign_role(john, Author, book) has_role(john, Author, book) >>> True has_permission(john, 'myapp.read_book', book) >>> True has_permission(john, 'myapp.review_book', book) >>> False
You just met the shortcuts
has_permission. If you don’t get how they work, no problem. First, let’s understand all about implementing
Role classes in the next section.