Opened 6 years ago
Last modified 5 years ago
#29918 closed New feature
Add support for checking object permissions in PermissionRequiredMixin — at Initial Version
| Reported by: | Tobias Bengfort | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | 2.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
As far as I understand, django's architecture supports object permissions, but external apps like django-rules or django-guardian are supposed to provide actual implementations. I think this approach is great. However, I believe that there are some key points where django core should provide more tooling so that the external apps can concentrate more on building the actual authentication backends.
On such point is PermissionRequiredMixin. If you want to use object permissions, you have to either replace or extend it.
A new method get_permission_object() could be added. This is what django-guardian does. However, in django core it should return None by default for backwards compatibility (In django-guardian it falls back to get_object()).
A patch is available at https://github.com/django/django/pull/10600