Django equivalent of Rails cancan and devise

Question

I did projects with django back a while ago and switched to rails. I found lots of cool thing in rails. I need to add some features back to django project.

Are there  Django equivalent of Rails cancan and devise ?
Is there  Django equivalent of Rails scheduler gem?

UPDATE

For django permission framework I have to specify at each view something like

@permission_required('polls.can_vote')
def my_view

I prefer cancan's way I can manage all permissions in one place

  include CanCan::Ability

  def initialize(user)
    user ||= User.new # guest user (not logged in)
    if user.has_role? :admin
      can :manage, :all
    else
      can :manage, :all      
      cannot :users, Swimming::Student
    end   
  end

Answer 1

django-cancan is an authorization library for Django, inspired by Rails cancan.

First, you define per-user abilities:

def define_access_rules(user, rules):
    # Anybody can view published articles
    rules.allow('view', Article, published=True)

    if not user.is_authenticated:
        return 

    # ... grant other abilities to logged in user  

then you can use it in a view:

class ArticleDetailView(PermissionRequiredMixin, DetailView):
    def get_queryset():
        # this is how you can retrieve all objects that current user can access
        qs = self.request.ability.queryset_for('view', Article)
        return qs

    def has_permission(self):
        article = self.get_object()
        # this is how you can check if user can access an object
        return self.request.ability.can('view', article)

or in a template:

{% if ability|can:"change"|subject:article %}
    <a href="{% url 'article_edit' pk=article.id %}">Edit article</a>
{% endif %}

Answer 2

Djoser is a good package for handling Authentication and Password Reset stuff. It's an alternative to Devise in Django

Answer 3

Re permissions like cancan.

I'm using djang-rules and the end result looks/functions A LOT like cancan.

models/user.py

class User(AbstractBaseUser, PermissionsMixin):
    # ...
    def has_perm(self, name, obj=None):
        rset = self.__ruleset
        return rset.test_rule(name, self, obj)

    @property
    def __ruleset(self):
        from models.rules import (
            ManagerRuleSet, EmployeeRuleSet, GuestRuleSet
        )

        if self.group.is_manager:
            return ManagerRuleSet(self)
        elif self.group.is_employee:
            return EmployeeRuleSet(self)
        else:
            return GuestRuleSet(self)

models/rules.py

from rules import RuleSet


class InvalidUser(Exception):
    pass


class BaseRuleSet(RuleSet):
    def __init__(self, user):
        super()


class ManagerRuleSet(BaseRuleSet):
    def __init__(self, user):
        super()
        if user and not user.group.is_owner:
            raise InvalidUser("instantiated OwnerRuleSet with user in {} group",
                                    user.group.name)

        # Calendar permissions (pass appointment or schedule event)
        self.add_rule('calendar.can_view_calendar', rules.always_true)
        self.add_rule('calendar.can_manage_schedule',
                      is_own | has_accepted_invite)

example_view.py

def index(request, id):
    calendar = Calendar.objects.get(id=id)

    if not request.user.has_perm('calendar.can_manage_schedule', calendar):
        return HttpResponseForbidden()
    # ...

Answer 4

You can try to use Django’s builtin permission framework instead of cancan and devise. Does it fit your needs?

Celery is probably best thing for delaying and scheduling when working with Django. There is django-celery package which integrates Celery with Django.