#11010 closed (fixed)
Add a foundation for rowlevel permissions in Django
| Reported by: | Florian Apolloner | Owned by: | Jannis Leidel |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | | Keywords: | |
| Cc: | Jannis Leidel, contact@…, vinilios@…, Florian Apolloner, nabucosound, Alexander Koshelev, mpjung@… | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Many sites would like to use row-level permissions, but it's not that easy to do that with Django currently. The minimal requirement would be to add that support to the user model and the auth backends. This would enable us to write our own row-level implementations easily.
I added a patch, where the only relevant change is that the backends need to support obj as the last parameter; I don't like the idea of making that optional, as I prefer it consistent. If you prefer another option, though, just tell me; this patch (although working) is more or less a concept of what needs to be done.
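A sketch of the interface the description asks for, added here as an illustration: it is plain Python, not Django's code and not the attached patch. All class names, the permission string, the optional `obj` on the user-side call and the choice that a backend without row knowledge answers "no" to object checks are assumptions.

```python
# Added illustration: a plain-Python model of the dispatch the ticket proposes.
# Every name below is hypothetical; none of this is Django's implementation.

class TablePermBackend:
    """Model-wide permissions only; knows nothing about individual rows."""
    def __init__(self, grants):
        self.grants = grants  # constructed sample data: {username: {perm, ...}}

    def has_perm(self, user, perm, obj):
        if obj is not None:
            # Assumption: a backend without row-level knowledge denies object
            # checks instead of widening a table-level grant to every row.
            return False
        return perm in self.grants.get(user.name, set())


class OwnerBackend:
    """Row-level rule: the owner of an object may change it."""
    def has_perm(self, user, perm, obj):
        if obj is None:
            return False
        return perm == "app.change_doc" and getattr(obj, "owner", None) == user.name


class User:
    def __init__(self, name, backends):
        self.name = name
        self.backends = backends

    def has_perm(self, perm, obj=None):
        # Every backend receives obj as its last parameter, always.
        return any(b.has_perm(self, perm, obj) for b in self.backends)


class Doc:
    def __init__(self, owner):
        self.owner = owner


def demo():
    backends = [TablePermBackend({"alice": {"app.change_doc"}}), OwnerBackend()]
    alice, bob = User("alice", backends), User("bob", backends)
    bobs_doc = Doc(owner="bob")
    return {
        "alice_table": alice.has_perm("app.change_doc"),
        "alice_on_bobs_doc": alice.has_perm("app.change_doc", bobs_doc),
        "bob_table": bob.has_perm("app.change_doc"),
        "bob_on_own_doc": bob.has_perm("app.change_doc", bobs_doc),
    }
```

Because every backend is handed `obj`, a table-level grant and a per-object grant stay separate decisions: here alice's model-wide permission does not carry over to bob's document.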
Attachments (3)
Change History (26)
Changed 15 years ago by
Attachment: | rowlevel_permissions-r10674.diff added |
---|
comment:1 Changed 14 years ago by
Triage Stage: | Unreviewed → Design decision needed |
---|
comment:2 Changed 14 years ago by
Cc: | hv@… added |
---|
comment:3 Changed 14 years ago by
Cc: | Jannis Leidel added |
---|---|
Has patch: | set |
Needs tests: | set |
comment:4 Changed 14 years ago by
Needs documentation: | set |
---|---|
Patch needs improvement: | set |
Triage Stage: | Design decision needed → Accepted |
comment:5 follow-up: 8 Changed 14 years ago by
I made my own row level permission system based on this patch. It's still in a very early stage, but if needed I can share my findings.
comment:6 Changed 14 years ago by
Cc: | contact@… added |
---|
comment:7 Changed 14 years ago by
Cc: | vinilios@… added |
---|
comment:8 Changed 14 years ago by
Replying to contact@roelkramer.nl:
> I made my own row level permission system based on this patch. It's still in a very early stage, but if needed I can share my findings.
Hi, I am working on this patch for 1.2 and it would be nice if you could share your backend; maybe we find something else to include or improve…
comment:9 Changed 14 years ago by
Owner: | changed from nobody to Florian Apolloner |
---|
comment:10 Changed 14 years ago by
Cc: | Florian Apolloner added |
---|
comment:11 Changed 14 years ago by
Cc: | nabucosound added |
---|
Changed 14 years ago by
Attachment: | rowlevel_perms@12123_#11010.diff added |
---|
comment:12 Changed 14 years ago by
Updated the patch after talking to jacob on IRC; the deprecation policy is described too. Also moved tests from doctest to unittest.
comment:13 Changed 14 years ago by
Cc: | Alexander Koshelev added |
---|
comment:14 Changed 14 years ago by
Cc: | mpjung@… added |
---|
Changed 14 years ago by
Attachment: | object_permissions_r11712_#11010.diff added |
---|
comment:15 Changed 14 years ago by
Needs documentation: | unset |
---|---|
Needs tests: | unset |
Patch needs improvement: | unset |
nearing „ready for checkin“ after talking to jacob again I guess ;)
comment:16 Changed 14 years ago by
Owner: | changed from Florian Apolloner to Jacob |
---|---|
Status: | new → assigned |
Triage Stage: | Accepted → Ready for checkin |
comment:18 Changed 14 years ago by
Owner: | changed from Jacob to Jannis Leidel |
---|---|
Status: | assigned → new |
Taking this ticket in preparation for sprint.
comment:19 Changed 14 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:20 Changed 14 years ago by
Will this be what's needed for security only (i.e., block people without permissions to see some object), or will it help people who are developing SaaS with an Account model who have been going SomeModel.objects.filter(account=request.account)? Or will this only work with the built-in Auth system?
comment:21 Changed 14 years ago by
This ticket is closed and trac isn't for discussion, plz redirect your question to the appropriate mailing list
comment:22 Changed 13 years ago by
Cc: | hv@… removed |
---|
Setting to accepted after talking to jacobian and apollo13 in #django-dev.