django-rest-framework-fine-permissions
======================================
New permissions possibilities for rest-framework
Compatibility
-------------
Works with :
* Python 3.8, 3.9, 3.10
* Django 3.2
* Django Rest Framework >= 3.13
.. image:: https://travis-ci.org/unistra/django-rest-framework-fine-permissions.svg?branch=master
:target: https://travis-ci.org/unistra/django-rest-framework-fine-permissions
.. image:: https://coveralls.io/repos/github/unistra/django-rest-framework-fine-permissions/badge.svg?branch=master
:target: https://coveralls.io/github/unistra/django-rest-framework-fine-permissions?branch=master
.. image:: https://landscape.io/github/unistra/django-rest-framework-fine-permissions/master/landscape.svg?style=flat
:target: https://landscape.io/github/unistra/django-rest-framework-fine-permissions/master
:alt: Code Health
Installation
------------
Install the package from pypi :
.. code-block:: sh
pip install djangorestframework-fine-permissions
Configure your `settings.py` module :
.. code-block:: python
INSTALLED_APPS = (
...
'rest_framework_fine_permissions',
)
REST_FRAMEWORK = {
'DEFAULT_FILTER_BACKENDS': (
# Enable the filter permission backend for all GenericAPIView
'rest_framework_fine_permissions.filters.FilterPermissionBackend',
),
'DEFAULT_PERMISSION_CLASSES': (
# Enable the django model permissions (view,create,delete,modify)
'rest_framework_fine_permissions.permissions.FullDjangoModelPermissions',
# OPTIONAL if you use FilterPermissionBackend and GenericAPIView. Check filter permissions for objects.
'rest_framework_fine_permissions.permissions.FilterPermission',
)
}
Sync the django's database :
.. code-block:: sh
python manage.py syncdb
Edit your `urls.py` module :
.. code-block:: python
from django.conf.urls import url
from django.contrib import admin
from rest_framework_fine_permissions.urls import urlpatterns as drffp_urls
urlpatterns = [
url(r'^admin/', admin.site.urls),
]
urlpatterns += drffp_urls
Usage
-----
* Go to the django admin page
* Add field's permissions to a user with the "User fields permissions" link
* Add filter's permissions to a user with the "User filters permissions" link
Example
-------
``models.py`` :
.. code-block:: python
from django.db import models
from django.db.models import Sum
class PollsChoice(models.Model):
id = models.IntegerField(primary_key=True)
choice_text = models.CharField(max_length=200)
votes = models.IntegerField()
question = models.ForeignKey('PollsQuestion')
class Meta:
permissions = (('view_pollschoice', 'Can view pollschoice'),)
class PollsQuestion(models.Model):
id = models.IntegerField(primary_key=True)
question_text = models.CharField(max_length=200)
pub_date = models.DateTimeField()
class Meta:
permissions = (('view_pollsquestion', 'Can view pollsquestion'),)
@property
def sum_votes(self):
return self.pollschoice_set.aggregate(total=Sum('votes'))['total']
@property
def choices(self):
return self.pollschoice_set.all()
``serializers.py`` :
.. code-block:: python
import datetime
from django.utils import timezone
from rest_framework import serializers
from rest_framework_fine_permissions.fields import ModelPermissionsField
from rest_framework_fine_permissions.serializers import ModelPermissionsSerializer
from . import models
class PollsChoiceSerializer(ModelPermissionsSerializer):
class Meta:
model = models.PollsChoice
class PollsQuestionSerializer(ModelPermissionsSerializer):
was_published_recently = serializers.SerializerMethodField()
votes = serializers.IntegerField(source='sum_votes')
choices = ModelPermissionsField(PollsChoiceSerializer)
class Meta:
model = models.PollsQuestion
def get_was_published_recently(self, obj):
return obj.pub_date >= timezone.now() - datetime.timedelta(days=1)
``views.py`` :
.. code-block:: python
from . import models
from . import serializers
from rest_framework import generics
class PollsChoiceDetail(generics.RetrieveUpdateDestroyAPIView):
queryset = models.PollsChoice.objects.all()
serializer_class = serializers.PollsChoiceSerializer
``urls.py`` :
.. code-block:: python
from django.conf.urls import patterns, url
from rest_framework.urlpatterns import format_suffix_patterns
from . import views
urlpatterns = [,
url(r'^pollsquestion/(?P<pk>\w+)$', views.PollsQuestionDetail.as_view(), name='pollsquestion-all-detail'),
]
urlpatterns = format_suffix_patterns(urlpatterns, suffix_required=True)
Create a user without the staff and superuser status, and add him permissions :
.. image:: docs/admin1.png
Then add user field permissions :
.. image:: docs/admin2.png
You can finally call your webservice :
.. code-block:: sh
$ curl -X GET -H "Authorization: Token TOKEN" -H "Accept: application/json; indent=4" http://127.0.0.1/webservice/pollsquestion/1.json
{
"choices": [
{
"choice_text": "Yes",
"id": 1,
"votes": 5
},
{
"choice_text": "No",
"id": 2,
"votes": 2
}
],
"id": 1,
"pub_date": "2017-01-08T09:00:00",
"question_text": "Is this a question ?",
"votes": 7,
"was_published_recently": false
}
Import/Export
-------------
To export field's permissions, you can use the following command : ::
python manage.py fine_permissions_dump myuser > /tmp/myuserfieldsperms.json
To import field's permissions, you can use the following command : ::
python manage.py fine_permissions_load -u anotheruser /tmp/myuserfieldsperms.json
Raw data
{
"_id": null,
"home_page": "https://github.com/unistra/django-rest-framework-fine-permissions",
"name": "djangorestframework-fine-permissions",
"maintainer": "dnum-dip-unistra",
"docs_url": null,
"requires_python": "",
"maintainer_email": "dnum-dip@unistra.fr",
"keywords": "django,REST,rest_framework,permissions",
"author": "dnum-dip-unistra",
"author_email": "dnum-dip@unistra.fr",
"download_url": "https://files.pythonhosted.org/packages/fd/6d/f18b3aad91b5aa0063518e16fe62d651e3c3920e7cc050230d250ad82881/djangorestframework-fine-permissions-0.9.2.tar.gz",
"platform": null,
"description": "django-rest-framework-fine-permissions\n======================================\n\nNew permissions possibilities for rest-framework\n\nCompatibility\n-------------\n\nWorks with :\n\n * Python 3.8, 3.9, 3.10\n * Django 3.2\n * Django Rest Framework >= 3.13\n\n.. image:: https://travis-ci.org/unistra/django-rest-framework-fine-permissions.svg?branch=master\n :target: https://travis-ci.org/unistra/django-rest-framework-fine-permissions\n\n.. image:: https://coveralls.io/repos/github/unistra/django-rest-framework-fine-permissions/badge.svg?branch=master\n :target: https://coveralls.io/github/unistra/django-rest-framework-fine-permissions?branch=master\n\n.. image:: https://landscape.io/github/unistra/django-rest-framework-fine-permissions/master/landscape.svg?style=flat\n :target: https://landscape.io/github/unistra/django-rest-framework-fine-permissions/master\n :alt: Code Health\n\n\nInstallation\n------------\n\nInstall the package from pypi :\n\n.. code-block:: sh\n\n pip install djangorestframework-fine-permissions\n\nConfigure your `settings.py` module :\n\n.. code-block:: python\n\n INSTALLED_APPS = (\n ...\n 'rest_framework_fine_permissions',\n )\n\n REST_FRAMEWORK = {\n 'DEFAULT_FILTER_BACKENDS': (\n # Enable the filter permission backend for all GenericAPIView\n 'rest_framework_fine_permissions.filters.FilterPermissionBackend',\n ),\n\n 'DEFAULT_PERMISSION_CLASSES': (\n # Enable the django model permissions (view,create,delete,modify)\n 'rest_framework_fine_permissions.permissions.FullDjangoModelPermissions',\n # OPTIONAL if you use FilterPermissionBackend and GenericAPIView. Check filter permissions for objects.\n 'rest_framework_fine_permissions.permissions.FilterPermission',\n )\n }\n\nSync the django's database :\n\n.. code-block:: sh\n\n python manage.py syncdb\n\nEdit your `urls.py` module :\n\n.. code-block:: python\n\n from django.conf.urls import url\n from django.contrib import admin\n from rest_framework_fine_permissions.urls import urlpatterns as drffp_urls\n\n urlpatterns = [\n url(r'^admin/', admin.site.urls),\n ]\n urlpatterns += drffp_urls\n\nUsage\n-----\n\n * Go to the django admin page\n * Add field's permissions to a user with the \"User fields permissions\" link\n * Add filter's permissions to a user with the \"User filters permissions\" link\n\nExample\n-------\n\n``models.py`` :\n\n.. code-block:: python\n\n from django.db import models\n from django.db.models import Sum\n\n class PollsChoice(models.Model):\n id = models.IntegerField(primary_key=True)\n choice_text = models.CharField(max_length=200)\n votes = models.IntegerField()\n question = models.ForeignKey('PollsQuestion')\n\n class Meta:\n permissions = (('view_pollschoice', 'Can view pollschoice'),)\n\n class PollsQuestion(models.Model):\n id = models.IntegerField(primary_key=True)\n question_text = models.CharField(max_length=200)\n pub_date = models.DateTimeField()\n\n class Meta:\n permissions = (('view_pollsquestion', 'Can view pollsquestion'),)\n\n @property\n def sum_votes(self):\n return self.pollschoice_set.aggregate(total=Sum('votes'))['total']\n\n @property\n def choices(self):\n return self.pollschoice_set.all()\n\n``serializers.py`` :\n\n.. code-block:: python\n\n import datetime\n from django.utils import timezone\n from rest_framework import serializers\n from rest_framework_fine_permissions.fields import ModelPermissionsField\n from rest_framework_fine_permissions.serializers import ModelPermissionsSerializer\n\n from . import models\n\n class PollsChoiceSerializer(ModelPermissionsSerializer):\n class Meta:\n model = models.PollsChoice\n\n class PollsQuestionSerializer(ModelPermissionsSerializer):\n was_published_recently = serializers.SerializerMethodField()\n votes = serializers.IntegerField(source='sum_votes')\n choices = ModelPermissionsField(PollsChoiceSerializer)\n\n class Meta:\n model = models.PollsQuestion\n\n def get_was_published_recently(self, obj):\n return obj.pub_date >= timezone.now() - datetime.timedelta(days=1)\n\n``views.py`` :\n\n.. code-block:: python\n\n from . import models\n from . import serializers\n from rest_framework import generics\n\n class PollsChoiceDetail(generics.RetrieveUpdateDestroyAPIView):\n queryset = models.PollsChoice.objects.all()\n serializer_class = serializers.PollsChoiceSerializer\n\n``urls.py`` :\n\n.. code-block:: python\n\n from django.conf.urls import patterns, url\n from rest_framework.urlpatterns import format_suffix_patterns\n from . import views\n\n urlpatterns = [,\n url(r'^pollsquestion/(?P<pk>\\w+)$', views.PollsQuestionDetail.as_view(), name='pollsquestion-all-detail'),\n ]\n urlpatterns = format_suffix_patterns(urlpatterns, suffix_required=True)\n\nCreate a user without the staff and superuser status, and add him permissions :\n\n.. image:: docs/admin1.png\n\nThen add user field permissions :\n\n.. image:: docs/admin2.png\n\nYou can finally call your webservice :\n\n.. code-block:: sh\n\n $ curl -X GET -H \"Authorization: Token TOKEN\" -H \"Accept: application/json; indent=4\" http://127.0.0.1/webservice/pollsquestion/1.json\n {\n \"choices\": [\n {\n \"choice_text\": \"Yes\",\n \"id\": 1,\n \"votes\": 5\n },\n {\n \"choice_text\": \"No\",\n \"id\": 2,\n \"votes\": 2\n }\n ],\n \"id\": 1,\n \"pub_date\": \"2017-01-08T09:00:00\",\n \"question_text\": \"Is this a question ?\",\n \"votes\": 7,\n \"was_published_recently\": false\n }\n\nImport/Export\n-------------\n\nTo export field's permissions, you can use the following command : ::\n\n python manage.py fine_permissions_dump myuser > /tmp/myuserfieldsperms.json\n\nTo import field's permissions, you can use the following command : ::\n\n python manage.py fine_permissions_load -u anotheruser /tmp/myuserfieldsperms.json\n\n\n",
"bugtrack_url": null,
"license": "",
"summary": "Field level permissions for Django REST Framework",
"version": "0.9.2",
"project_urls": {
"Download": "https://pypi.python.org/pypi/djangorestframework-fine-permissions",
"Homepage": "https://github.com/unistra/django-rest-framework-fine-permissions"
},
"split_keywords": [
"django",
"rest",
"rest_framework",
"permissions"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "209768951d541c3a4b8849f7d5ec55737bf2947e3e30219badcf9619be64037e",
"md5": "806626a193b5cde25a3f4eff48c893f6",
"sha256": "1f04bb6e801fbcf79b852b721df7a21c1e101a523a843d333e2f086ceebd4f41"
},
"downloads": -1,
"filename": "djangorestframework_fine_permissions-0.9.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "806626a193b5cde25a3f4eff48c893f6",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 26086,
"upload_time": "2023-07-18T12:21:24",
"upload_time_iso_8601": "2023-07-18T12:21:24.696508Z",
"url": "https://files.pythonhosted.org/packages/20/97/68951d541c3a4b8849f7d5ec55737bf2947e3e30219badcf9619be64037e/djangorestframework_fine_permissions-0.9.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "fd6df18b3aad91b5aa0063518e16fe62d651e3c3920e7cc050230d250ad82881",
"md5": "348f0d49c0c877b3029c25a66847142b",
"sha256": "be97aacdcfa59e04f41ea3fc214b0dd67f448d1ec8d9d39ce6fdb2c921e06840"
},
"downloads": -1,
"filename": "djangorestframework-fine-permissions-0.9.2.tar.gz",
"has_sig": false,
"md5_digest": "348f0d49c0c877b3029c25a66847142b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 103929,
"upload_time": "2023-07-18T12:21:26",
"upload_time_iso_8601": "2023-07-18T12:21:26.457894Z",
"url": "https://files.pythonhosted.org/packages/fd/6d/f18b3aad91b5aa0063518e16fe62d651e3c3920e7cc050230d250ad82881/djangorestframework-fine-permissions-0.9.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-07-18 12:21:26",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "unistra",
"github_project": "django-rest-framework-fine-permissions",
"travis_ci": true,
"coveralls": false,
"github_actions": false,
"requirements": [],
"tox": true,
"lcname": "djangorestframework-fine-permissions"
}
JSON
