Skip to content

Instantly share code, notes, and snippets.

@develmaycare
Created September 20, 2013 15:29
Show Gist options
  • Save develmaycare/6639293 to your computer and use it in GitHub Desktop.
Save develmaycare/6639293 to your computer and use it in GitHub Desktop.
This example demonstrates an ad-hoc system for object-level-permissions. See https://gist.github.com/bogeymin/6639176 for a django-guardian example. This example uses djorm and the array field for Postgres, so it is not portable, and comes with additional package requirements. But it should be much faster with few queries than with django-guardian.
class PermissionsModel(models.Model):
"""In this approach, permissions may be filtered directly using a queryset.
"""
objects = ExpressionManager()
groups = ArrayField(dbtype="int", null=True)
users = ArrayField(dbtype="int", null=True)
class ProjectPermissions(PermissionsModel):
"""Each object can have permissions. No use of ContentType required."""
project = models.OneToOneField("Project", related_name="permissions")
class Project(models.Model):
added_by = models.ForeignKey(User, related_name="added_by_projects")
assigned_to = models.ForeignKey(User, related_name="assigned_to_projects")
owned_by = models.ForeignKey(User, related_name="owned_by_projects")
is_private = models.BooleanField()
all_access = models.BooleanField()
departments = models.ForeignKey(Department)
restrict_access_by_default = models.BooleanField()
team_members = models.ManyToManyField(User, related_name="team_projects")
def _build_group_permissions(self):
permissions = list()
if self.all_access:
try:
group = Group.object.get(name="Everyone")
permissions.append(group)
return permissions
except Group.DoesNotExist:
# Would need to alert the user that the Everyone group does not exist.
pass
# Another option for team_members would be to create a Django Group for
# the project and add users to that group.
if self.departments and self.restrict_access_to_departments:
for department in self.departments.all():
permissions.append(department.pk)
return permissions
def _build_user_permissions(self):
permissions = list()
permissions.append(self.added_by.pk)
if self.is_private:
return permissions
if self.assigned_to:
permissions.append(self.assigned_to.pk)
if self.assigned_to:
permissions.append(self.assigned_to.pk)
if self.owned_by:
permissions.append(self.owned_by.pk)
if self.team_members:
for user in self.team_members.all():
permissions.append(user.pk)
return permissions
def save(self, *args, **kwargs):
super(Project, self).save(*args, **kwargs)
# Get or create a new permissions record.
try:
permissions = self.permissions
except ProjectPermissions.DoesNotExist:
permissions = ProjectPermissions(project=self)
permissions.users = self._build_user_permissions()
permissions.groups = self._build_group_permissions()
permissions.save()
def save(self, *args, **kwargs):
super(Project, self).save(*args, **kwargs)
# Get or create a new permissions record.
try:
permissions = self.permissions
except ProjectPermissions.DoesNotExist:
permissions = ProjectPermissions(project=self)
permissions.users = self._build_user_permissions()
permissions.groups = self._build_group_permissions()
permissions.save()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment