Changes between Initial Version and Version 1 of Ticket #31093


Ignore:
Timestamp:
Dec 15, 2019, 8:26:46 AM (5 years ago)
Author:
James Pic
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #31093 – Description

    initial v1  
    11Permissions on objects are based on two mechanisms that developers have to implement:
    22
     3- returning if a user has a permission on an object instance
    34- filtering a queryset based on a user object and eventually a permission name
    4 - returning if a user has a permission on an object instance
    55
    66Currently, permission backend allows developers to implement the first mechanism: you can allow a specific permission on an object with the permission backend.
     
    2121}}}
    2222
    23 However, permission framework does not include a the first security feature mentioned: getting a filtered queryset with objects a user should be able to see, eventually for a given permission. Such implementation could look like:
     23However, permission framework should also allow developers to implement the second security mechanism: getting a filtered queryset with objects a user should be able to see, eventually for a given permission. Such implementation could look like:
    2424
    2525
Back to Top