|Version 2 (modified by Chris Long, 9 years ago) (diff)|
Row Level Permissions Model
Row Level Permissions uses generic relations to decrease the number of tables to only one. The generic relations allow us to create row level permissions with any instance of any model and connect it to an "owner" object. To allow more freedom, the owner object is also a generic relation. This means that you can use your own models as an owner of a row level permission. The actual model code is below:
class RowLevelPermission(models.Model): type_id = models.PositiveIntegerField("'Type' ID") type_ct = models.ForeignKey(ContentType, verbose_name="'Type' content type", related_name="type_ct") owner_id = models.PositiveIntegerField("'Owner' ID") owner_ct = models.ForeignKey(ContentType, verbose_name="'Owner' content type", related_name="owner_ct") negative = models.BooleanField() permission = models.ForeignKey(Permission) type = models.GenericForeignKey(fk_field='type_id', ct_field='type_ct') owner = models.GenericForeignKey(fk_field='owner_id', ct_field='owner_ct') objects = RowLevelPermissionManager() class Meta: verbose_name = _('row level permission') verbose_name_plural = _('row level permissions') unique_together = (('type_ct', 'type_id', 'owner_id', 'owner_ct', 'permission'),)
This does not modify the current permissions table at all, and can be layered ontop of it if the developer wishes to but it can be ignored easily.
How Row Permissions Are Enabled
Row permissions are enabled using the meta class, please see RowLevelPermissions for more information on how to enable them. How this is done is in django.db.models.base.ModelBase under new is the following snippet:
if getattr(new_class._meta, 'row_level_permissions', None): from django.contrib.auth.models import RowLevelPermission gen_rel = django.db.models.GenericRelation(RowLevelPermission, object_id_field="type_id", content_type_field="type_ct") new_class.add_to_class("row_level_permissions", gen_rel)
In django.db.models.options.Options it has been modified to set row_level_permissions as disabled by default.
At this current point of time, you can set up an owner by including the following relation:
... row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="owner") ...
I might be changing this around in the near future, but I only expect it to be used a few times I don't see a large need to make this a similiar process to the enabling of row level permissions on objects. Please give feedback if you think otherwise.
Checking of Row Level Permissions
To be added soon.
Integration into Administration Application
Being worked on. Will post when it is complete or near enough to have a better idea.
Test Cases of Row Level Permissions
|Creating RLP using manager's create method||-|
|Creating RLP using manager's default permission create method||-|
|Creating RLP using init method||-|
|Loading RLPs from object||-|
|Loading RLPs from owner(user)||-|
|Loading RLPs from owner(group)||-|
|Checking of Permissions(will expand on)||-|
|Creating RLP w/ wrong permissions||-||-|
|Duplicate RLPs by creating duplicate||-||-|
|Duplicate RLPs by editing||-||-|