CODEWITHSUNDEEP
djangodjango-modelsrbac
Goro
Goro

Reputation: 10249

Django per-object permissions

I have users that each are associated with a list of real estate properties they are allowed to access. Multiple users may have permission to view the same site.

How would I set this up in django?

I have the:

class UserProfile(models.Model):
    user = models.OneToOneField(User)
    last_session_time_online = models.IntegerField()
    total_time_online = models.IntegerField()
    def __unicode__(self):
        return self.user

and the 

class Site(models.Model):
    site_name = models.CharField(max_length = 512)
    ...Other stuff...
    def __unicode__(self):
        return self.user

Upvotes: 11

Views: 7308

Answers (4)

Goro
Goro

Reputation: 10249

Plenty of plugins here that do this.

Upvotes: 1

Sameerk129
Sameerk129

Reputation: 31

Try Django-Guradian. You can use it to assign object level permissions to Users/Groups.

Upvotes: 1

Micah Walter
Micah Walter

Reputation: 958

Django now supports object permissions. Besides Handling Object Permissions, which has been linked to in another answer, the REST Framework guide to permissions is worth reading.

You will want to add code to the Meta subclass of your model for each permission:

class Meta:
    permissions = (
        ('edit_this_model', 'Edit this model'),
    )

If you are using south, you may need to run manage.py syncdb --all after updating the model.

To test if a user is authenticated, use a command such as this:

user.has_perm('your_app_name. edit_this_model')

Upvotes: 2

Elf Sternberg
Elf Sternberg

Reputation: 16361

This is basic many-to-many stuff:

 class Site(models.Model):
     site_name = models.CharField(max_length = 512)
     allowed_users = models.ManyToManyField(User)

 ...

 sam = User.objects.get(username = 'sam')
 frodo = User.objects.get(username = 'frodo')

 hobbithole = Site.objects.get(site_name = 'The Hobbit Hole')
 hobbithole.allowed_users.add(sam, frodo)

 frodo.site_set.all() # Should return "The Hobbit Hole" object, and any other place frodo's allowed to visit.

 somesite.allowed_users.exists(user = frodo) # returns True if frodo is in the site's set of allowed users.

If you don't want to clutter Site, you can also create an intermediate "through" table. That creates a layer of indirection, but allows you to add things to the through table like degrees of permission, if you want. You can use the auth module's groups feature on that table to define "groups that have access to the keys" and "groups that can modify the property" and so on.

Many To Many Fields in Django

Upvotes: 7

Related Questions