Ticket #11010 (closed: fixed)

Opened 11 months ago

Last modified 2 months ago

Add a foundation for rowlevel permissions in Django

Reported by: apollo13
Assigned to: jezdez
Milestone: 1.2
Component: Authentication
Version: SVN
Keywords:
Cc: hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com, apollo13, nabucosound, alexkoshelev, mpjung@terreon.de
Triage Stage: Ready for checkin
Has patch: 1
Needs documentation: 0
Needs tests: 0
Patch needs improvement: 0

Description

Many sites would like to use rowlevel permissions, but it's not that easy to do that with Django currently. The minimal requirement would be to add that support to the usermodel and the auth backends. This would enable us to write our own rowlevel implementations easily.

I added a patch, where the only relevant change is that the backends need to support obj as last parameter; I don't like the idea of making that optional as I prefer it consistent. Although if you prefer another option, just tell me, this patch (although working) is more or less a concept of what's needed to be done.
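A simplified model of the contract the description asks for, where every backend's has_perm receives obj as its last parameter and the user object passes it through. This is an added example, not code from the ticket's patches or from Django; Document, User, TablePermsBackend, OwnerBackend and the permission string are hypothetical, and refusing per-object checks in the table-wide backend is this example's own choice.

```python
from dataclasses import dataclass, field

@dataclass
class Document:                      # hypothetical model row
    id: int
    owner: str

@dataclass
class User:                          # stand-in for the user model, not Django's class
    username: str
    is_anonymous: bool = False
    backends: list = field(default_factory=list)

    def has_perm(self, perm, obj=None):
        # Ask every backend and always pass obj, so each one sees which row is meant.
        return any(b.has_perm(self, perm, obj) for b in self.backends)

class TablePermsBackend:
    """Model-wide grants only; it has no per-row knowledge."""
    def __init__(self, grants):
        self.grants = grants         # {username: {perm, ...}}

    def has_perm(self, user, perm, obj):
        if obj is not None:
            return False             # example's choice: never widen a table grant to a row
        return perm in self.grants.get(user.username, set())

class OwnerBackend:
    """Row-level rule: a user may change documents they own."""
    def has_perm(self, user, perm, obj):
        if obj is None or user.is_anonymous:
            return False             # no row, or no identity: nothing to grant
        return perm == "docs.change_document" and obj.owner == user.username

def demo():
    backends = [TablePermsBackend({"alice": {"docs.change_document"}}), OwnerBackend()]
    alice = User("alice", backends=backends)
    bob = User("bob", backends=backends)
    anon = User("", is_anonymous=True, backends=backends)
    bobs_doc, orphan = Document(1, "bob"), Document(2, "")   # constructed sample rows
    perm = "docs.change_document"
    return {
        "alice_table": alice.has_perm(perm),
        "alice_on_bobs_doc": alice.has_perm(perm, bobs_doc),
        "bob_on_own_doc": bob.has_perm(perm, bobs_doc),
        "bob_table": bob.has_perm(perm),
        "anon_on_orphan": anon.has_perm(perm, orphan),
    }
```

Because obj is part of every backend's signature, a backend with no row-level knowledge has to decide explicitly what to return when a row is supplied; here it denies.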

Attachments

rowlevel_permissions-r10674.diff (8.2 kB) - added by apollo13 on 05/05/09 04:17:15.
rowlevel_perms@12123_#11010.diff (16.6 kB) - added by apollo13 on 11/01/09 07:21:45.
object_permissions_r11712_#11010.diff (12.8 kB) - added by apollo13 on 11/03/09 09:55:33.

Change History

05/05/09 04:17:15 changed by apollo13

  • attachment rowlevel_permissions-r10674.diff added.

06/17/09 18:01:05 changed by SmileyChris

  • needs_better_patch changed.
  • stage changed from Unreviewed to Design decision needed.
  • needs_tests changed.
  • needs_docs changed.

08/20/09 09:47:00 changed by guettli

  • cc set to hv@tbz-pariv.de.

10/09/09 09:51:36 changed by jezdez

  • cc changed from hv@tbz-pariv.de to hv@tbz-pariv.de, jezdez.
  • has_patch set to 1.
  • needs_tests set to 1.

10/09/09 09:54:21 changed by jezdez

  • needs_better_patch set to 1.
  • stage changed from Design decision needed to Accepted.
  • needs_docs set to 1.

Setting to accepted after talking to jacobian and apollo13 in #django-dev.

(follow-up: ↓ 8 ) 10/14/09 04:32:42 changed by contact@roelkramer.nl

I made my own row level permission system based on this patch. It's still in a very early stage, but if needed I can share my findings.

10/19/09 14:32:33 changed by anonymous

  • cc changed from hv@tbz-pariv.de, jezdez to hv@tbz-pariv.de, jezdez, contact@roelkramer.nl.

10/23/09 03:14:43 changed by anonymous

  • cc changed from hv@tbz-pariv.de, jezdez, contact@roelkramer.nl to hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com.

(in reply to: ↑ 5 ) 10/26/09 11:10:30 changed by apollo13

Replying to contact@roelkramer.nl:

I made my own row level permission system based on this patch. It's still in a very early stage, but if needed I can share my findings.

Hi, I am working on this patch for 1.2 and it would be nice if you could share your backend; maybe we find something else to include or improve…

10/26/09 11:10:40 changed by apollo13

  • owner changed from nobody to apollo13.

10/27/09 07:46:37 changed by apollo13

  • cc changed from hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com to hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com, apollo13.

10/30/09 05:46:41 changed by nabucosound

  • cc changed from hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com, apollo13 to hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com, apollo13, nabucosound.

11/01/09 07:21:45 changed by apollo13

  • attachment rowlevel_perms@12123_#11010.diff added.

11/01/09 07:22:28 changed by apollo13

Updated the patch after talking to jacob on irc, the deprecation policy is described too. Also moved tests from doctest to unittest.

11/01/09 13:40:24 changed by alexkoshelev

  • cc changed from hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com, apollo13, nabucosound to hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com, apollo13, nabucosound, alexkoshelev.

11/02/09 07:24:40 changed by Michael P. Jung

  • cc changed from hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com, apollo13, nabucosound, alexkoshelev to hv@tbz-pariv.de, jezdez, contact@roelkramer.nl, vinilios@gmail.com, apollo13, nabucosound, alexkoshelev, mpjung@terreon.de.

11/03/09 09:55:33 changed by apollo13

  • attachment object_permissions_r11712_#11010.diff added.

11/03/09 09:57:06 changed by apollo13

  • needs_better_patch deleted.
  • needs_tests deleted.
  • needs_docs deleted.

nearing „ready for checkin“ after talking to jacob again I guess ;)

11/03/09 09:59:26 changed by jacob

  • owner changed from apollo13 to jacob.
  • status changed from new to assigned.
  • stage changed from Accepted to Ready for checkin.

11/13/09 17:32:49 changed by xonatius

What about the anonymous user? Does it still return False on has_perm?

12/09/09 18:21:07 changed by jezdez

  • owner changed from jacob to jezdez.
  • status changed from assigned to new.

Taking this ticket in preparation for sprint.

12/09/09 19:05:35 changed by jezdez

  • status changed from new to closed.
  • resolution set to fixed.

(In [11807]) Fixed #11010 - Add a foundation for object permissions to authentication backends. Thanks to Florian Apolloner for writing the initial patch.

01/25/10 16:16:05 changed by orokusaki

Will this be what's needed for security only (i.e., block people without permissions to see some object), or will it help people who are developing SaaS with an Account model who have been going SomeModel.objects.filter(account=request.account)? Or will this only work with the built-in Auth system?

01/25/10 16:17:13 changed by apollo13

This ticket is closed and Trac isn't for discussion; plz redirect your question to the appropriate mailing list.

