PermissionsX - Authorization for Django
Python HTML

README.md

Build Status Coverage Status Latest Version Python Versions Downloads License Documentation Status

django-permissionsx

Compatibility note

This package is intended to work with Python 3.5+ and Django 1.10+.

Quick Start

1. Install django-permissionsx package:

    pip install django-permissionsx

2. Define permissions in a module of your choice:

    from permissionsx.models import P
    from permissionsx.models import Permissions


    class ManagerPermissions(Permissions):

        rules = P(user__is_staff=True) & P(user__has_company_assigned=True)

3. Add permissions to your views, e.g.:

    from permissionsx.contrib.django.views import PermissionsListView

    from example.profiles.permissions import ManagerPermissions


    class AuthenticatedListView(PermissionsListView):

        queryset = Item.objects.all()
        permissions = Permissions(
            P(user__is_authenticated=True)
        )


    class ManagerListView(PermissionsListView):

        queryset = Item.objects.all()
        permissions = ManagerPermissions()

4. Don't forget to add permissionsx to your INSTALLED_APPS:

    INSTALLED_APPS = (
        'django.contrib.admin',
        'django.contrib.auth',
        'django.contrib.staticfiles',
        [...]
        'permissionsx',

5. Now add request context processor, so you can use permissions in your templates:

    TEMPLATE_CONTEXT_PROCESSORS = (
        [...]
        'django.core.context_processors.request',
        [...]
    )

6. Apply permissions in templates if you need:

    {% load permissionsx_tags %}
    {% block content %}
    {% permissions 'example.profiles.permissions.ManagerPermissions' as user_is_manager %}
    <ul id="utility-navigation">
        {% if user_is_manager %}
            <a href="#">Publish article</a>
        {% endif %}
    </ul>
    {% endblock content %}

7. That's all!

User will be redirected to LOGIN_URL by default, if:

  • not logged in and tries to access AuthenticatedListView;
  • not a staff member, request.user.profile.is_manager is set to False and tries to access ManagerListView;
  • Publish article option will be displayed only if user meets ManagerPermissions conditions.