Code


Version 2 (modified by Chris Long, 8 years ago) (diff)

--

TOC(inline)?

Row Level Permissions Model

Row Level Permissions uses generic relations to decrease the number of tables to only one. The generic relations allow us to create row level permissions with any instance of any model and connect it to an "owner" object. To allow more freedom, the owner object is also a generic relation. This means that you can use your own models as an owner of a row level permission. The actual model code is below:

class RowLevelPermission(models.Model):
    type_id = models.PositiveIntegerField("'Type' ID")
    type_ct = models.ForeignKey(ContentType, verbose_name="'Type' content type", related_name="type_ct")
    owner_id = models.PositiveIntegerField("'Owner' ID")
    owner_ct = models.ForeignKey(ContentType, verbose_name="'Owner' content type", related_name="owner_ct")
    negative = models.BooleanField()
    permission = models.ForeignKey(Permission)
    
    type = models.GenericForeignKey(fk_field='type_id', ct_field='type_ct')
    owner = models.GenericForeignKey(fk_field='owner_id', ct_field='owner_ct')
    
    objects = RowLevelPermissionManager()
    
    class Meta:
        verbose_name = _('row level permission')
        verbose_name_plural = _('row level permissions')
        unique_together = (('type_ct', 'type_id', 'owner_id', 'owner_ct', 'permission'),)        

This does not modify the current permissions table at all, and can be layered ontop of it if the developer wishes to but it can be ignored easily.

How Row Permissions Are Enabled

Row permissions are enabled using the meta class, please see RowLevelPermissions for more information on how to enable them. How this is done is in django.db.models.base.ModelBase under new is the following snippet:

        if getattr(new_class._meta, 'row_level_permissions', None):
            from django.contrib.auth.models import RowLevelPermission
            gen_rel = django.db.models.GenericRelation(RowLevelPermission, object_id_field="type_id", content_type_field="type_ct")
            new_class.add_to_class("row_level_permissions", gen_rel)

In django.db.models.options.Options it has been modified to set row_level_permissions as disabled by default.

Owner Objects

At this current point of time, you can set up an owner by including the following relation:

...
row_level_permissions_owned = models.GenericRelation(RowLevelPermission, object_id_field="owner_id", content_type_field="owner_ct", related_name="owner")
...

I might be changing this around in the near future, but I only expect it to be used a few times I don't see a large need to make this a similiar process to the enabling of row level permissions on objects. Please give feedback if you think otherwise.

Checking of Row Level Permissions

To be added soon.

Integration into Administration Application

Being worked on. Will post when it is complete or near enough to have a better idea.

Test Cases of Row Level Permissions

API

Test Case Status
Creating RLP using manager's create method-
Creating RLP using manager's default permission create method-
Creating RLP using init method-
Loading RLPs from object-
Loading RLPs from owner(user)-
Loading RLPs from owner(group)-
Deleting RLP-
Checking of Permissions(will expand on)-
Duplicate RLPs-
Enabling RLPs-

Admin

Test Case Status (w/ javascript) Status (w/o javascript)
Creating RLP--
Creating RLP w/ wrong permissions--
Deleting RLP--
Editing RLP--
Duplicate RLPs by creating duplicate--
Duplicate RLPs by editing--