Per-object permissions
3 views
Skip to first unread message
gamliel roi
Nov 24, 2009, 7:00:39 AM11/24/09
to Django users
Hello all,
I have the admin site up and running but I need to create a group of users, such that each of the users will be able to edit objects that are only relevant to them (e.g Project objects that the user is also the ProjectManager).
I know that in the past Django had a Per-object permissions branch, which is now abandoned.
Should I peruse this direction and try to incorporate this branch to my current code? is it documented and running properly?
Any other ideas/suggestions/resources regarding this problem?
--
Best
Roi Gamliel
I have the admin site up and running but I need to create a group of users, such that each of the users will be able to edit objects that are only relevant to them (e.g Project objects that the user is also the ProjectManager).
I know that in the past Django had a Per-object permissions branch, which is now abandoned.
Should I peruse this direction and try to incorporate this branch to my current code? is it documented and running properly?
Any other ideas/suggestions/resources regarding this problem?
--
Best
Roi Gamliel
Jani Tiainen
Nov 24, 2009, 7:32:47 AM11/24/09
to django...@googlegroups.com
Most promising solution I've seen is django-authority.
<http://packages.python.org/django-authority/>
I haven't (yet) used it but I'm planning to do that at some point.
Quick peek revealed that branch you mentioned is a quite outdated, last
update is "only" two and half years old..
> --
>
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To post to this group, send email to django...@googlegroups.com.
> To unsubscribe from this group, send email to django-users
> +unsub...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
<http://packages.python.org/django-authority/>
I haven't (yet) used it but I'm planning to do that at some point.
Quick peek revealed that branch you mentioned is a quite outdated, last
update is "only" two and half years old..
>
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To post to this group, send email to django...@googlegroups.com.
> To unsubscribe from this group, send email to django-users
> +unsub...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
nek4life
Nov 24, 2009, 9:17:58 AM11/24/09
to Django users
You should look into django-authority. I'm pretty sure that has per-
object-permissions.
http://packages.python.org/django-authority/index.html
object-permissions.
http://packages.python.org/django-authority/index.html
rebus_
Nov 24, 2009, 10:16:05 AM11/24/09
to django...@googlegroups.com
2009/11/24 nek4life <nek4...@gmail.com>:
Row level permisions should be implemented in Django version 1.2 [1]
if you have the time to wait...
[1] http://code.djangoproject.com/wiki/Version1.2Features
> --
>
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django...@googlegroups.com.
> To unsubscribe from this group, send email to django-users...@googlegroups.com.
>
> You received this message because you are subscribed to the Google Groups "Django users" group.
> To post to this group, send email to django...@googlegroups.com.
Row level permisions should be implemented in Django version 1.2 [1]
if you have the time to wait...
[1] http://code.djangoproject.com/wiki/Version1.2Features
David De La Harpe Golden
Nov 24, 2009, 10:16:34 AM11/24/09
to django...@googlegroups.com
integrate your own per-object permission handling auth backends (it
does not in itself constitute per-object permissions):
http://code.djangoproject.com/ticket/11010
I haven't fully worked out how to do integration of our own
(unreleased*) object permission system even given that patch,
though it would presumably be am improvement as it would
enable us to use the django admin more (once the admin is
appropriately updated to pass through the object to the revised
auth backend I suppose).
* Maybe I could/should look into getting it released. We maintain a
D.A.G. where vertices are permissions,roles and users. If a path exists
in the graph (fastish query with the transitive closure representation
used, at least for non-pathological graphs) from a permission to a user
through one or more roles, the user is considered to have that permission.
permissions are action() or action(obj1) or action(obj1,obj2)
Taking your example, in our system, each project would have its own
projectmanager role created, granted the permission to edit the project.
e.g.
perms_all_mgrs_have===>role:project_mgr # just for e.g.
|
v
perm:edit(project1) ---> role:project1_mgr ---> user:user1
Thus, user1 is project manager of project1.
Russell Keith-Magee
Nov 24, 2009, 6:28:25 PM11/24/09
to django...@googlegroups.com
On Tue, Nov 24, 2009 at 11:16 PM, rebus_ <r.da...@gmail.com> wrote:
> 2009/11/24 nek4life <nek4...@gmail.com>:
>> You should look into django-authority. I'm pretty sure that has per-
>> object-permissions.
>>
>> http://packages.python.org/django-authority/index.html
>>
>> On Nov 24, 7:00 am, gamliel roi <roi.gaml...@gmail.com> wrote:
>>> Hello all,
>>>
>>> I have the admin site up and running but I need to create a group of users,
>>> such that each of the users will be able to edit objects that are only
>>> relevant to them (e.g Project objects that the user is also the
>>> ProjectManager).
>>>
>>> I know that in the past Django had a Per-object permissions branch, which is
>>> now abandoned.
>>>
>>> Should I peruse this direction and try to incorporate this branch to my
>>> current code? is it documented and running properly?
>>>
>>> Any other ideas/suggestions/resources regarding this problem?
>>>
>>
> 2009/11/24 nek4life <nek4...@gmail.com>:
>> You should look into django-authority. I'm pretty sure that has per-
>> object-permissions.
>>
>> http://packages.python.org/django-authority/index.html
>>
>> On Nov 24, 7:00 am, gamliel roi <roi.gaml...@gmail.com> wrote:
>>> Hello all,
>>>
>>> I have the admin site up and running but I need to create a group of users,
>>> such that each of the users will be able to edit objects that are only
>>> relevant to them (e.g Project objects that the user is also the
>>> ProjectManager).
>>>
>>> I know that in the past Django had a Per-object permissions branch, which is
>>> now abandoned.
>>>
>>> Should I peruse this direction and try to incorporate this branch to my
>>> current code? is it documented and running properly?
>>>
>>> Any other ideas/suggestions/resources regarding this problem?
>>>
>>
> Row level permisions should be implemented in Django version 1.2 [1]
> if you have the time to wait...
>
> [1] http://code.djangoproject.com/wiki/Version1.2Features
To be clear - that ticket *doesnt'* implement row-level permissions;
> if you have the time to wait...
>
> [1] http://code.djangoproject.com/wiki/Version1.2Features
it modifies the calls for permission checks to allow you to build a
row-level permissions checker external to Django.
Yours,
Russ Magee %-)
rebus_
Nov 25, 2009, 8:31:22 AM11/25/09
to django...@googlegroups.com
2009/11/25 Russell Keith-Magee <freakb...@gmail.com>:
That's true, i probably wasn't too clear on this.
But i would rather use Django API to implement row-level permissions
then start building my own implementation from scratch, if you have
the luxury of waiting till it hits trunk or comes out in 1.2 that is.
Davor
But i would rather use Django API to implement row-level permissions
then start building my own implementation from scratch, if you have
the luxury of waiting till it hits trunk or comes out in 1.2 that is.
Davor
Gamliel Roi
Nov 25, 2009, 8:44:56 AM11/25/09
to django...@googlegroups.com
Any idea when 1.2 will be released?
2009/11/25 Russell Keith-Magee <freakb...@gmail.com>:
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
--
Best
Roi Gamliel
rebus_
Nov 25, 2009, 8:49:25 AM11/25/09
to django...@googlegroups.com
2009/11/25 Gamliel Roi <roi.g...@gmail.com>:
> --
http://code.djangoproject.com/wiki/Version1.2Roadmap
> Any idea when 1.2 will be released?
>
>
>
> On Wed, Nov 25, 2009 at 3:31 PM, rebus_ <r.da...@gmail.com> wrote:
>>
>> 2009/11/25 Russell Keith-Magee <freakb...@gmail.com>:
>
>
>
> On Wed, Nov 25, 2009 at 3:31 PM, rebus_ <r.da...@gmail.com> wrote:
>>
>> 2009/11/25 Russell Keith-Magee <freakb...@gmail.com>:
http://code.djangoproject.com/wiki/Version1.2Roadmap
Christian Schilling
Nov 28, 2009, 9:06:34 AM11/28/09
to Django users
http://github.com/initcrash/django-object-permissions/
implements this on 1.1 (it's not hard at all, so i don't really
understand the change planed for 1.2)
there are no docs yet, but the testproject shows how to use it: just
use ObjectPermissionAdmin
as base for the admin classes instead of ModelAdmin, that's it.
On Nov 25, 2:49 pm, rebus_ <r.dav...@gmail.com> wrote:
> 2009/11/25 Gamliel Roi <roi.gaml...@gmail.com>:
>
> >> 2009/11/25 Russell Keith-Magee <freakboy3...@gmail.com>:
> >> > On Tue, Nov 24, 2009 at 11:16 PM, rebus_ <r.dav...@gmail.com> wrote:
> >> >> 2009/11/24 nek4life <nek4l...@gmail.com>:
implements this on 1.1 (it's not hard at all, so i don't really
understand the change planed for 1.2)
there are no docs yet, but the testproject shows how to use it: just
use ObjectPermissionAdmin
as base for the admin classes instead of ModelAdmin, that's it.
On Nov 25, 2:49 pm, rebus_ <r.dav...@gmail.com> wrote:
> 2009/11/25 Gamliel Roi <roi.gaml...@gmail.com>:
>
>
>
> > Any idea when 1.2 will be released?
>
> > On Wed, Nov 25, 2009 at 3:31 PM, rebus_ <r.dav...@gmail.com> wrote:
>
>
> > Any idea when 1.2 will be released?
>
>
> >> 2009/11/25 Russell Keith-Magee <freakboy3...@gmail.com>:
> >> > On Tue, Nov 24, 2009 at 11:16 PM, rebus_ <r.dav...@gmail.com> wrote:
> >> >> 2009/11/24 nek4life <nek4l...@gmail.com>:
Reply all
Reply to author
Forward
0 new messages