Hi everyone, I have been recently thinking about an object permission system. After reviewing Florian Apolloner (apollo13) patch for ticket #11010<http://code.djangoproject.com/ticket/11010> and reading his article at Django Advent<http://djangoadvent.com/1.2/object-permissions/>. I though about creating an Object Permission Rule Backend. The purpose of this message is explain you my idea, so I can receive feedback from Django users and developers. This way I would like to discern if it's worth coding it or if it's a good approach to a reusable solution.
I will reuse apollo's code to elaborate my idea. My Backend would look similar to: class ObjectPermBackend(object): supports_object_permissions = True supports_anonymous_user = True def authenticate(self, username, password): return None def has_perm(self, user_obj, perm, obj=None): if not user_obj.is_authenticated(): user_obj = User.objects.get(pk=settings.ANONYMOUS_USER_ID) if obj is None: return False ct = ContentType.objects.get_for_model(obj) try: perm = perm.split('.')[-1].split('_')[0] except IndexError: return False # Simplified rule system # Of course objects should extend an interface if (perm == "ownage") return obj.is_owned_by(user_obj) elif (perm == "edit") return obj.can_be_edited_by(user_obj) # Here be Dragons As I love decorators, I would like to create a permission_required decorator that accepted more than a parameter, so: @permission_required('app.code_name') would become @permission_required('app.code_name', FLAG) If the FLAG is set the decorator searches in the model associated to the content type of the permission, for the name of the field for the PK. For the example imagine idArticle. Now it instantiates an object of that model with Model.objects.get(pk=request.idArticle). So it would be necessary to match request parameters to model fileds (This is the best idea I've come up with). Once it has the right object, it passes it to the backend for permission checks. I know I could do a decorator like @own_article but I'm looking for a more reusable solution, that I would make open source and release at Github. What do you think? Is it feasible and well laid out? Thanks, best regards Miguel Araujo -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.