Create a custom permission
django-authority allows you to define powerful custom permissions. Let’s start again with some example code:

    import authority
    from authority import permissions
    from django.contrib.flatpages.models import FlatPage

    class FlatpagePermission(permissions.BasePermission):
        label = 'flatpage_permission'

    authority.register(FlatPage, FlatpagePermission)

A custom permission is a simple method of the permission class:

    import authority
    from authority import permissions
    from django.contrib.flatpages.models import FlatPage

    class FlatpagePermission(permissions.BasePermission):
        label = 'flatpage_permission'
        checks = ('my_custom_check',)

        def my_custom_check(self, flatpage):
            # Grant the permission only for the "about" page
            if flatpage.url == '/about/':
                return True
            return False

    authority.register(FlatPage, FlatpagePermission)

Note that we first added the name of your custom permission to the checks attribute, like in Create a per-object permission:

    checks = ('my_custom_check',)

The permission itself is a simple function that accepts an arbitrary number of arguments. A permission check should always return a boolean: True if the permission is granted, False if it is not:

    def my_custom_check(self, flatpage):
        if flatpage.url == '/about/':
            return True
        return False

Warning
Although it’s possible to return values other than True, for example an object which also evaluates to True, we highly advise returning only booleans.
Custom permissions are not necessarily related to a model; you can define simpler permissions too. For example, return True if it’s between 10 and 12 o’clock:

    import datetime

    def datetime_check(self):
        hour = datetime.datetime.now().hour
        # Hour 12 is included, so this holds from 10:00 through 12:59
        if hour >= 10 and hour <= 12:
            return True
        return False

But most often you want to combine such permission checks. The next example would allow a user to have permission to edit a flatpage only between 8 and 12 o’clock in the morning:

    import datetime

    def morning_flatpage_check(self, flatpage):
        hour = datetime.datetime.now().hour
        # Both conditions must hold: the time window and the page URL
        if hour >= 8 and hour <= 12 and flatpage.url == '/about/':
            return True
        return False

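The boolean-only warning and the time-window check above, combined in an added example that is not part of django-authority or of the original documentation. It runs without Django; `strict_bool`, `FlatpageChecks`, `Page`, `is_granted` and the `now` parameter are hypothetical names introduced here, and `FlatpageChecks` only stands in for a `BasePermission` subclass.

```python
import datetime
import functools
from collections import namedtuple

# Constructed stand-in for a FlatPage row; only the url attribute is used.
Page = namedtuple("Page", "url")


def strict_bool(check):
    """Reject any check result that is not exactly True or False."""
    @functools.wraps(check)
    def wrapper(*args, **kwargs):
        result = check(*args, **kwargs)
        if not isinstance(result, bool):
            # Raising denies access and makes the bug visible in tests.
            raise TypeError("%s returned %s, expected bool"
                            % (check.__name__, type(result).__name__))
        return result
    return wrapper


class FlatpageChecks(object):
    """Hypothetical plain class standing in for a BasePermission subclass."""

    def sloppy_check(self, flatpage):
        # Bug: a non-empty dict is truthy even when 'allowed' is False.
        return {"allowed": flatpage.url == "/about/"}

    # The same buggy check, wrapped so the bad return type is caught.
    guarded_sloppy_check = strict_bool(sloppy_check)

    @strict_bool
    def morning_flatpage_check(self, flatpage, now=None):
        # 'now' is an added parameter so the time window can be tested.
        if now is None:
            now = datetime.datetime.now()
        # Hour 12 is included, so the window runs from 08:00 through 12:59.
        return 8 <= now.hour <= 12 and flatpage.url == "/about/"


def is_granted(result):
    """How a caller such as `if check.my_custom_check(...)` reads a result."""
    return True if result else False
```

The unguarded `sloppy_check` grants access to every page because callers only test truthiness; the guarded variant raises instead of granting.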
Check custom permissions
The permission check is similar to Create a basic permission and Create a per-object permission.
Warning
Although per-object permissions are translated to <permname>_<modelname>, this is not the case for custom permissions! A custom permission my_custom_check remains my_custom_check.
In your Python code

    from django.contrib.flatpages.models import FlatPage
    from myapp.permissions import FlatpagePermission

    def my_view(request):
        check = FlatpagePermission(request.user)
        flatpage_object = FlatPage.objects.get(url='/homepage/')
        if check.my_custom_check(flatpage=flatpage_object):
            print("Yay, you can change *this* flatpage!")

Using the view decorator

    from django.contrib.flatpages.models import FlatPage
    from authority.decorators import permission_required_or_403

    @permission_required_or_403('flatpage_permission.my_custom_check',
        (FlatPage, 'url__iexact', 'url'))  # The flatpage_object
    def my_view(request, url):
        # ...
        pass

See Check permissions using the decorator for how the decorator works in detail.
In your templates

    {% ifhasperm "flatpage_permission.my_custom_check" request.user flatpage_object %}
        Yay, you can change *this* flatpage!
    {% else %}
        Nope, sorry. You aren't allowed to change *this* flatpage.
    {% endifhasperm %}

See Check permissions in templates for how the template tag works in detail.