Changes between Version 8 and Version 9 of GenericAuthorization
- Timestamp:
- Aug 3, 2006, 10:31:22 PM (18 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
GenericAuthorization
v8 v9 45 45 {{{ 46 46 #!python 47 from django.contrib.auth.models import User 47 from django.contrib.auth.models import User, Permission 48 48 from django.contrib.auth import has_permission 49 50 class Person(models.Model) 51 name = models.CharField(maxlength=50) 52 53 class Admin: pass 49 54 50 55 def default_has_permission(user, permission, object=None): 51 56 return user.has_perm(permission) 52 57 53 has_permission.register(default_has_permission, User )58 has_permission.register(default_has_permission, User, Permission, Person) 54 59 }}} 55 60 56 This is fairly close to what it would look like to implement django's current security policy. The object isn't really important in this case since Django's permissions are based on the Model you're accessing, not the actual object (See RowLevelPermissions for object-specific permissions.) We is we pass more than just {{{User}}} to the register method, we can register different security rules for different Models.61 Now every time has_permission is called with an instance of User, Permission, and Person, those argument will be passed into default_has_permission, and the result will be returned. This was we can use different functions for different models, custom user classes, and even custom permission types. 57 62 63 This is fairly close to what it would look like to implement django's current security policy. The object isn't really important in this case since Django's permissions are based on the Model you're accessing, not the actual object (See RowLevelPermissions for object-specific permissions.) 58 64 59 65 == Implementation ==