The auth-decorators to check for permission are nice, but it would
be better, if the authorization could be decoupled from calling the view.
My goal: Check if a user can access a view without calling it, because
I want to disable/hide a link if the user must not call it.
I implemented it in my application, but it would be nice if something like
this would inside django (This would improve plug-ability of applications)
My implementation works like this:
every view method as an attribute 'has_perm' which takes the
same args, kwargs like the view:
def myview(request, something)
...
myview.has_perm=lambda ...
For ease of usage you can set has_perm to True (no access restriction)
or to a permission string (app_label.perm_codename) or to is_authenticated,
is_staff, is_superuser.
There is a small helper method for checking if a user/request would be
allowed
to access this view and a small middleware to render "403 forbidden" pages.
Thomas
--
Thomas Guettler, http://www.thomas-guettler.de/
E-Mail: guettli (*) thomas-guettler + de
I am very happy that someone understood what I want.
> Perhaps you could post your code somewhere so that 3rd-party app
> developers can standardize their authorization (git-hub?).
>
>
I added a snippet:
http://www.djangosnippets.org/snippets/1214/
Thomas
--
Thomas Guettler, http://www.thomas-guettler.de/