status of per-object-level permission
3 views
Skip to first unread message
dadapapa
Sep 10, 2008, 11:43:38 AM9/10/08
to Django users
Hi,
great to see the release of version 1.0 !!!
I was wondering if per-object-level (aka row-level) permissions have
been included into this release. if not, is there any plan to include
them, or is there any work-around/third-party project that works
together with the new version?
thanks!
- harold -
great to see the release of version 1.0 !!!
I was wondering if per-object-level (aka row-level) permissions have
been included into this release. if not, is there any plan to include
them, or is there any work-around/third-party project that works
together with the new version?
thanks!
- harold -
Malcolm Tredinnick
Sep 10, 2008, 1:56:04 PM9/10/08
to django...@googlegroups.com
On Wed, 2008-09-10 at 08:43 -0700, dadapapa wrote:
> Hi,
>
> great to see the release of version 1.0 !!!
> I was wondering if per-object-level (aka row-level) permissions have
> been included into this release.
There was never any expectation that there would be anything like this
included. So, no.
> if not, is there any plan to include
> them,
You say "them" as if there's an existing working addition to Django that
supports this and is in some way the obviously correct way to do things
(there are a few variations on row-level permissions that are possible,
so establishing the parameters for this sort of thing requires thought).
This isn't the case. There simply hasn't been any work done in this
direction with an eye towards contributing it to core for a few years
(there was an old Google SoC project that went nowhere in the end).
This is the sort of the thing that will be best done as an external
third-party project first and then, possibly, proposed as something for
django.contrib once it has an acceptable user base.
Regards,
Malcolm
dadapapa
Sep 12, 2008, 11:09:21 AM9/12/08
to Django users
> > I was wondering if per-object-level (aka row-level) permissions have
> > been included into this release.
> > been included into this release.
> > if not, is there any plan to include
> > them,
>
> You say "them" as if there's an existing working addition to Django that
> supports this and is in some way the obviously correct way to do things
> (there are a few variations on row-level permissions that are possible,
> so establishing the parameters for this sort of thing requires thought).
Thanks for your answer, Malcolm,
> > them,
>
> You say "them" as if there's an existing working addition to Django that
> supports this and is in some way the obviously correct way to do things
> (there are a few variations on row-level permissions that are possible,
> so establishing the parameters for this sort of thing requires thought).
I was refering to the branch
http://code.djangoproject.com/browser/django/branches/per-object-permissions
which (according to the wiki) appeared to be almost ready for
inclusion in the
main branch of 0.96. To me, this always seemed to be the most official
of the
various runs on row-level-permissions.
> This is the sort of the thing that will be best done as an external
> third-party project first and then, possibly, proposed as something for
> django.contrib once it has an acceptable user base.
it is unclear to the uninitiated which one to choose, and which one
works
best with django1.0. wnay recommendation?
- harold -
rca
Sep 13, 2008, 7:16:12 AM9/13/08
to Django users
> Thanks for your answer, Malcolm,
>
> I was refering to the branchhttp://code.djangoproject.com/browser/django/branches/per-object-perm...
>
> which (according to the wiki) appeared to be almost ready for
> inclusion in the
> main branch of 0.96. To me, this always seemed to be the most official
> of the
> various runs on row-level-permissions.
I am very new to django, I went through the tutorial yesterday and I
> inclusion in the
> main branch of 0.96. To me, this always seemed to be the most official
> of the
> various runs on row-level-permissions.
was looking for some sort of ACLs now. And indeed, per-object-
permissions has been mentioned in many threads. A lot of people seemed
to be waiting and for a beginner like me, it is quite confusing - so
thank you Malcolm for the answer, it is very clear.
>
> > This is the sort of the thing that will be best done as an external
> > third-party project first and then, possibly, proposed as something for
> > django.contrib once it has an acceptable user base.
>
> agreed. however, with the variety of third-party solutions out there,
> it is unclear to the uninitiated which one to choose, and which one
> works
> best with django1.0. wnay recommendation?
would be great
It seems to me that lot of developers are opting for auth backend -
doing things outside Django. I was looking into phpGACL then I found
http://code.google.com/p/spiff-guard/ which is a sort of a similar
project in python.
I also came across this http://www.djangosnippets.org/snippets/414/
(field level permissions)
All the best,
--roman
kajigga
Sep 30, 2008, 2:28:39 PM9/30/08
to Django users
> It seems to me that lot of developers are opting for auth backend -
> doing things outside Django. I was looking into phpGACL then I foundhttp://code.google.com/p/spiff-guard/which is a sort of a similar
> project in python.
>
Have you had any success in using spiff guard with django? I have
also thought about either implementing this or modifying it to work
with django.
- kajigga
Roman Chyla
Sep 30, 2008, 4:24:59 PM9/30/08
to django...@googlegroups.com
I am planning to use it together with django - but not for the django
site, as a general permission system for digital documents. Using
spiff-guard for the backend, and django as an interface to set up the
rules.
But I haven't really started putting them together, maybe you have
clearer ideas about this sort of work...
site, as a general permission system for digital documents. Using
spiff-guard for the backend, and django as an interface to set up the
rules.
But I haven't really started putting them together, maybe you have
clearer ideas about this sort of work...
kajigga
Sep 30, 2008, 6:07:34 PM9/30/08
to Django users
I'm not sure exactly how to proceed myself. I am very pleased with
Django in general, but not having ready to use object-level
permissions is driving me nuts. I realize that django was designed
with a slightly different view point, but there must be something out
there to make it easier.
Anyway, I guess I am looking for something that I can use for the site
itself. Spiff seems to be a "sledge hammer" approach, and I am
wondering if I can extract just the Access Controll List part and
implement that as a pluggable app for django.
I've just come across this Django branch called "RowLevelPermission".
http://code.djangoproject.com/wiki/RowLevelPermissions. I have yet to
try it out.
On Sep 30, 2:24 pm, "Roman Chyla" <roman.ch...@gmail.com> wrote:
> I am planning to use it together with django - but not for the django
> site, as a general permission system for digital documents. Usingspiff-guard for the backend, and django as an interface to set up the
> >> project in python.
>
> > Have you had any success in usingspiffguard with django? I have
Django in general, but not having ready to use object-level
permissions is driving me nuts. I realize that django was designed
with a slightly different view point, but there must be something out
there to make it easier.
Anyway, I guess I am looking for something that I can use for the site
itself. Spiff seems to be a "sledge hammer" approach, and I am
wondering if I can extract just the Access Controll List part and
implement that as a pluggable app for django.
I've just come across this Django branch called "RowLevelPermission".
http://code.djangoproject.com/wiki/RowLevelPermissions. I have yet to
try it out.
On Sep 30, 2:24 pm, "Roman Chyla" <roman.ch...@gmail.com> wrote:
> I am planning to use it together with django - but not for the django
> rules.
> But I haven't really started putting them together, maybe you have
> clearer ideas about this sort of work...
>
> But I haven't really started putting them together, maybe you have
> clearer ideas about this sort of work...
>
> On Tue, Sep 30, 2008 at 8:28 PM, kajigga <kaji...@gmail.com> wrote:
>
> >> It seems to me that lot of developers are opting for auth backend -
> >> doing things outside Django. I was looking into phpGACL then I foundhttp://code.google.com/p/spiff-guard/whichis a sort of a similar
>
> >> It seems to me that lot of developers are opting for auth backend -
> >> project in python.
>
> > Have you had any success in usingspiffguard with django? I have
James Bennett
Sep 30, 2008, 6:10:45 PM9/30/08
to django...@googlegroups.com
On Tue, Sep 30, 2008 at 5:07 PM, kajigga <kaj...@gmail.com> wrote:
> I've just come across this Django branch called "RowLevelPermission".
> http://code.djangoproject.com/wiki/RowLevelPermissions. I have yet to
> try it out.
> I've just come across this Django branch called "RowLevelPermission".
> http://code.djangoproject.com/wiki/RowLevelPermissions. I have yet to
> try it out.
Don't bother; it's dead as a doornail and has been for quite a long
time. As a general rule, if a branch hasn't had a commit in 15 months,
it's probably not what you're looking for.
--
"Bureaucrat Conrad, you are technically correct -- the best kind of correct."
kajigga
Sep 30, 2008, 6:26:40 PM9/30/08
to Django users
Thanks for the tip. I hadn't had time to check on the commits or
status of the project yet.
Others have mentioned a "variety of options" out there. I guess I
haven't looked hard enough yet, because I'm not seeing them. Do you
have any suggestions?
- kajigga
On Sep 30, 4:10 pm, "James Bennett" <ubernost...@gmail.com> wrote:
status of the project yet.
Others have mentioned a "variety of options" out there. I guess I
haven't looked hard enough yet, because I'm not seeing them. Do you
have any suggestions?
- kajigga
On Sep 30, 4:10 pm, "James Bennett" <ubernost...@gmail.com> wrote:
Reply all
Reply to author
Forward
0 new messages