Opened 15 years ago

Closed 14 years ago

Last modified 12 years ago

#11010 closed (fixed)

Add a foundation for rowlevel permissions in Django

Reported by: Florian Apolloner Owned by: Jannis Leidel
Component: contrib.auth Version: dev
Severity: Keywords:
Cc: Jannis Leidel, contact@…, vinilios@…, Florian Apolloner, nabucosound, Alexander Koshelev, mpjung@… Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Many sites would like to use rowlevel permissions, but it's not that easy to do that with Django currently. The minimal requirement would be to add that support to the usermodel and the auth backends. This would enable us to write our own rowlevel implementations easily.

I added a patch, where the only relevant change is that the backends need to support obj as last parameter; I don't like the idea of making that optional as I prefer it consistent. Although if you prefer another option, just tell me, this patch (although working) is more or less a concept of what's needed to be done.

Attachments (3)

rowlevel_permissions-r10674.diff (8.2 KB) - added by Florian Apolloner 15 years ago.
rowlevel_perms@12123_#11010.diff (16.6 KB) - added by Florian Apolloner 14 years ago.
object_permissions_r11712_#11010.diff (12.8 KB) - added by Florian Apolloner 14 years ago.

Download all attachments as: .zip

Change History (26)

Changed 15 years ago by Florian Apolloner

comment:1 Changed 14 years ago by Chris Beaven

Triage Stage: UnreviewedDesign decision needed

comment:2 Changed 14 years ago by Thomas Güttler

Cc: hv@… added

comment:3 Changed 14 years ago by Jannis Leidel

Cc: Jannis Leidel added
Has patch: set
Needs tests: set

comment:4 Changed 14 years ago by Jannis Leidel

Needs documentation: set
Patch needs improvement: set
Triage Stage: Design decision neededAccepted

Setting to accepted after talking to jacobian and apollo13 in #django-dev.

comment:5 Changed 14 years ago by contact@…

I made my own row level permission system based on this patch. It's still in a very early stage, but if needed I can share my findings.

comment:6 Changed 14 years ago by anonymous

Cc: contact@… added

comment:7 Changed 14 years ago by anonymous

Cc: vinilios@… added

comment:8 in reply to:  5 Changed 14 years ago by Florian Apolloner

Replying to contact@roelkramer.nl:

I made my own row level permission system based on this patch. It's still in a very early stage, but if needed I can share my findings.

Hi, I am working on this patch for 1.2 and it would be nice if you could share your backend; maybe we find something else to include or improve…

comment:9 Changed 14 years ago by Florian Apolloner

Owner: changed from nobody to Florian Apolloner

comment:10 Changed 14 years ago by Florian Apolloner

Cc: Florian Apolloner added

comment:11 Changed 14 years ago by nabucosound

Cc: nabucosound added

Changed 14 years ago by Florian Apolloner

comment:12 Changed 14 years ago by Florian Apolloner

Updated the patch after talking to jacob on irc, the deprecation ploicy is described too. Also moved tests from doctest to unittest

comment:13 Changed 14 years ago by Alexander Koshelev

Cc: Alexander Koshelev added

comment:14 Changed 14 years ago by Michael P. Jung

Cc: mpjung@… added

Changed 14 years ago by Florian Apolloner

comment:15 Changed 14 years ago by Florian Apolloner

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

nearing „ready for checkin“ after talking to jacob again I guess ;)

comment:16 Changed 14 years ago by Jacob

Owner: changed from Florian Apolloner to Jacob
Status: newassigned
Triage Stage: AcceptedReady for checkin

comment:17 Changed 14 years ago by xonatius

What about anonymous user? It still return False on has_perm?

comment:18 Changed 14 years ago by Jannis Leidel

Owner: changed from Jacob to Jannis Leidel
Status: assignednew

Taking this ticket in preparation for sprint.

comment:19 Changed 14 years ago by Jannis Leidel

Resolution: fixed
Status: newclosed

(In [11807]) Fixed #11010 - Add a foundation for object permissions to authentication backends. Thanks to Florian Apolloner for writing the initial patch.

comment:20 Changed 14 years ago by Oroku Saki

Will this be what's needed for security only (ie, block people without permissions to see some object), or will it help people who are developing SAAS with an Account model who have been going SomeModel.objects.filter(account=request.account)? Or, will this only work with the built in Auth system?

comment:21 Changed 14 years ago by Florian Apolloner

This ticket is closed and trac isn't for discussion, plz redirect your question to the appropriate mailing list

comment:22 Changed 13 years ago by Thomas Güttler

Cc: hv@… removed

comment:23 Changed 12 years ago by Jacob

milestone: 1.2

Milestone 1.2 deleted

Note: See TracTickets for help on using tickets.
Back to Top