Actually I had a slightly incorrect term:

I need _field_ (column) level permissions, not object (row) level permissions.

6.2.2013 8:36, Jani Tiainen wrote:
No it's not, it's more like an enhancement to standard Django permissions
that works with predefined "named" permissions.

But I need to actually look at the data of the instance and use that to
check whether the user has permission to access the instance.

Let's make this slightly simpler:

I have a plan model:

from django.contrib.gis.db import models  # GeoDjango models, needed for PolygonField below

class Plan(models.Model):
     name = models.TextField(max_length=200)

and I have an Entity model:

class Entity(models.Model):
     name = models.TextField(max_length=200, unique=True)
     plan = models.ForeignKey(Plan, null=True, blank=True)
     is_public = models.BooleanField(default=True)

     location = models.PolygonField(srid=4326)

Now I have user A, who has access to entities belonging to plans named
"foo" and "bar" that are inside the user's working area (location is within
some polygon), and to all entities that are marked as public.

So I need to construct a query something like this to get a queryset
containing only the objects that the user has permission to:

Entity.objects.filter(
     # (allowed plan AND inside working area) OR public
     Q(Q(plan__name__in=user.allowed_plans.all()) &
       Q(location__within=user.working_area)) | Q(is_public=True)
)

It would be simple if all attributes were on the model only, but some of
my real models are really complex and need to go quite deep in the
relations to find out whether the user has access to an object or not.

That's why I would actually use the standard Django authorization mechanism
and there always delegate checking to the model instance, which can tell
whether the user has permission to access this object or not.

5.2.2013 21:00, Nikolas Stevenson-Molnar wrote:
If I understand correctly, that's exactly what it's for:
https://code.osuosl.org/projects/object-permissions/wiki/Using#Checking-Perms


_Nik

On 2/4/2013 10:17 PM, Jani Tiainen wrote:
Afaik object-permission works the reverse of what I need - it adds specific
permissions for groups/users to a single object. But I need to check
(mostly through foreign keys and/or spatial relations) whether the user has
permission to see that data or not.





--
Jani Tiainen

- Well planned is half done and a half done has been sufficient before...
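
Added example, not part of the thread: one way to do the delegation described in the quoted message, using the has_perm(user_obj, perm, obj=None) hook that Django calls on each authentication backend. User, Entity, the bounding-box within() helper, the user_can() method and the permission name "app.view_entity" are constructed stand-ins (assumptions), so the sketch runs without Django or GeoDjango installed.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

Box = Tuple[float, float, float, float]  # (min_x, min_y, max_x, max_y); stand-in for a polygon

def within(inner: Box, outer: Box) -> bool:
    """Bounding-box stand-in for the spatial location__within lookup."""
    return (outer[0] <= inner[0] and outer[1] <= inner[1]
            and inner[2] <= outer[2] and inner[3] <= outer[3])

@dataclass
class User:  # hypothetical stand-in for the Django user and its access attributes
    username: str
    allowed_plans: Set[str] = field(default_factory=set)
    working_area: Optional[Box] = None
    is_active: bool = True

@dataclass
class Entity:  # mirrors the fields of the thread's Entity model
    name: str
    location: Box
    plan: Optional[str] = None  # plan name; None models the nullable foreign key
    is_public: bool = True

    def user_can(self, user: User, perm: str) -> bool:
        """Same rule as the thread's query: (allowed plan AND in area) OR public."""
        if perm != "app.view_entity":  # hypothetical permission name
            return False  # unknown permissions fail closed
        if self.is_public:
            return True
        return (self.plan is not None and self.plan in user.allowed_plans
                and user.working_area is not None
                and within(self.location, user.working_area))

class InstanceDelegatingBackend:
    """Has the shape of a Django auth backend; list it in AUTHENTICATION_BACKENDS."""

    def authenticate(self, request=None, **credentials):
        return None  # this backend only authorizes, it never logs anyone in

    def has_perm(self, user_obj, perm, obj=None):
        if obj is None or not getattr(user_obj, "is_active", False):
            return False  # no instance to ask, or inactive user: deny
        check = getattr(obj, "user_can", None)
        return bool(check(user_obj, perm)) if callable(check) else False
```

The per-instance check and the queryset filter have to encode the same rule, otherwise list views and detail views will disagree about what a user may see.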
