The purpose of this app is to automatically create a Group for each app, and to manage authentication for that app through those Groups within the admin panel.
This is a Django app created to work with Django, DRF (Django Rest Framework), and Django DRF Advanced Token (another Django app I wrote: https://pypi.org/project/django-drf-advanced-token/).
DRF Advanced Token is not necessary, but if it is not used there must be some middleware before Django App Permissions that adds the user to the request object in order for this to work with DRF.
NOTE: Make sure the base Django stuff is migrated before adding this to the project!
1.a Pip install everything you need.
- New Project:
pip install --upgrade django-app-permissions
- Existing Project:
pip install --upgrade django djangorestframework django-app-permissions
1.b (recommended) - Pip install Django DRF Advanced Token. This package was tested using DRF Advanced Token, and I recommend using it:
pip install --upgrade django-drf-advanced-token
- Move the user-installed apps (the ones you created with python manage.py startapp) to a new setting called ACCESS_CONTROLLED_INSTALLED_APPS, placed before INSTALLED_APPS in the project settings.py:
ACCESS_CONTROLLED_INSTALLED_APPS = [
'test_app_one',
'test_app_two',
]
- Add + ACCESS_CONTROLLED_INSTALLED_APPS to the end of the INSTALLED_APPS list in the project settings.py:
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'rest_framework.authtoken',
'drf_advanced_token',
'django_app_permissions'
] + ACCESS_CONTROLLED_INSTALLED_APPS
- Add the middleware to MIDDLEWARE in the project settings.py:
MIDDLEWARE = [
...
'django_app_permissions.middleware.auth.AppAuthentication',
'drf_advanced_token.middleware.auth.ProcessToken', # Include this only if you are using Django DRF Advanced Token
]
If you want groups to be automatically created for each app, put this code in your project urls.py:
from django.core.management import call_command
call_command("resolve_app_groups")
This will automatically create a group for each app listed in ACCESS_CONTROLLED_INSTALLED_APPS whenever Django starts.
YOU MUST ADD THE APPS THAT YOU WANT TO CONTROL ACCESS TO INTO ACCESS_CONTROLLED_INSTALLED_APPS, not INSTALLED_APPS.
If you would rather do it manually, call python manage.py resolve_app_groups.
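A settings check for the wiring described above, as an added example that is not part of django-app-permissions: it takes the settings values as a plain dict and reports apps left out of ACCESS_CONTROLLED_INSTALLED_APPS, a missing middleware entry, and an enabled ALLOW_ALL_SUPERUSER. The function name, the third-party prefix list and the sample settings are assumptions made for this example.

```python
AUTH_MIDDLEWARE = "django_app_permissions.middleware.auth.AppAuthentication"
# Assumption: anything with these prefixes is framework or third-party code,
# not a project app that needs its own group.
THIRD_PARTY_PREFIXES = ("django.", "rest_framework", "drf_advanced_token",
                        "django_app_permissions")


def audit_settings(settings):
    """Return findings for a dict of Django settings values (hypothetical helper)."""
    findings = []
    installed = list(settings.get("INSTALLED_APPS", []))
    controlled = list(settings.get("ACCESS_CONTROLLED_INSTALLED_APPS", []))

    if "django_app_permissions" not in installed:
        findings.append("django_app_permissions missing from INSTALLED_APPS")
    if AUTH_MIDDLEWARE not in settings.get("MIDDLEWARE", []):
        findings.append("AppAuthentication middleware missing from MIDDLEWARE")
    # Controlled apps still have to be installed ("+ ACCESS_CONTROLLED_INSTALLED_APPS").
    for app in controlled:
        if app not in installed:
            findings.append(f"{app}: access-controlled but not in INSTALLED_APPS")
    # Groups are created only for ACCESS_CONTROLLED_INSTALLED_APPS, so a project
    # app that appears only in INSTALLED_APPS is flagged.
    for app in installed:
        if app not in controlled and not app.startswith(THIRD_PARTY_PREFIXES):
            findings.append(f"{app}: installed but not access-controlled")
    if settings.get("ALLOW_ALL_SUPERUSER"):
        findings.append("ALLOW_ALL_SUPERUSER is True: superusers bypass group membership")
    return findings


# Constructed sample: test_app_two was left in INSTALLED_APPS only.
WEAK = {
    "INSTALLED_APPS": ["django.contrib.auth", "rest_framework",
                       "django_app_permissions", "test_app_one", "test_app_two"],
    "ACCESS_CONTROLLED_INSTALLED_APPS": ["test_app_one"],
    "MIDDLEWARE": [],
    "ALLOW_ALL_SUPERUSER": True,
}
# Constructed sample: the same project wired as the steps above describe.
CONTROLLED = ["test_app_one", "test_app_two"]
FIXED = {
    "INSTALLED_APPS": ["django.contrib.auth", "rest_framework",
                       "django_app_permissions"] + CONTROLLED,
    "ACCESS_CONTROLLED_INSTALLED_APPS": CONTROLLED,
    "MIDDLEWARE": [AUTH_MIDDLEWARE],
}

if __name__ == "__main__":
    print("\n".join(audit_settings(WEAK)))
```
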
Django App Permissions comes with two views you can use: APIAppAuthView for API views (extends rest_framework.views.APIView), and AppAuthView for normal views (extends django.views.View).
Using these views within your app will lock that view to users that are part of that app's group.
Import them like this:
from django_app_permissions.views import APIAppAuthView
from django_app_permissions.views import AppAuthView
Use them like any view.
API (extends rest_framework.views.APIView):
from rest_framework.response import Response

class TestAPIView(APIAppAuthView):
    def get(self, request, *args, **kwargs):
        return Response({"hi": "bye"})
Regular View:
from django.http import HttpResponse

class TestView(AppAuthView):
    def get(self, request, *args, **kwargs):
        return HttpResponse("hi")
Add ALLOW_ALL_SUPERUSER = True to the project settings.py to allow superusers to access all apps without being explicitly added to the group.
If you would like to remove Groups from the admin page, add UNREGISTER_GROUP = True to the project settings.py.
If you would like the user to be redirected somewhere, like an access request page, instead of getting a 403, add REDIRECT_403_URL to the project settings.py.
REDIRECT_403_URL must be the name of a view that you would like the user to be redirected to.
If you are using DRF Advanced Token Manager (https://github.com/amp89/drf_advanced_token_manager), put this to redirect the user to an access request form:
REDIRECT_403_URL='django_app_permissions_access_request.request_access'