django-object-permission 0.5.2

安装

sudo pip install django-object-permission

或：

sudo pip install git+git://github.com/lambdalisue/django-object-permission.git#egg=django-object-permission

如何使用

1. 将“对象权限”附加到INSTALLED_APPS
2. 将“object_permission.backends.objectpermbandend”附加到AUTHENTICATION_BACKENDS
3. 将“ophandler.py”添加到应用程序目录，如“admin.py”
4. 编写特定于模型的objectpermhandler并将其注册到object_permission.site

见object_permission_test 更多细节。如果你想看旧式故事，请看README_old.rst或 object_permission_test_deprecated

微型博客应用程序示例

models.py：

from django.db import models
from django.contrib.auth.models import User

# django-author: useful for adding automatically update author field
from author.decorators import with_author

@with_author
class Entry(models.Model):
        PUB_STATES = (
                ('public', 'public entry'),
                ('protected', 'login required'),
                ('private', 'secret entry'),
        )
        pub_state = models.CharField('publish status', choices=PUB_STATES)
        title = models.CharField('title', max_length=140)
        body = models.TextField('body')

        # ...

ophandler.py：

from object_permission import site
# AuthorObjectPermHandler need 'django-observer' and required 'author'
# field (the author field is automatically added by 'with_author' decorator)
from object_permission.handlers import ObjectPermHandler

from models import Entry

class EntryObjectPermHandler(ObjectPermHandler):
    """ObjectPermHandler for model which has author field

    This handler contribute..

        1.  Manager permission to instance author
        2.  Viewer permission to authenticated user
        3.  Viewer permission to anonymous user if reject_anonymous is False

    """
    author_field = 'author'
    reject_anonymous = False

    def get_author(self):
        """get author field value"""
        return getattr(self.instance, self.author_field)

    def setup(self):
        # watch author field
        self.watch(self.author_field)

    def updated(self, attr):
        # Author has full access
        self.manager(self.get_author())
        # Authenticated user can view
        self.viewer(None)
        if self.reject_anonymous:
            self.reject('anonymous')
        else:
            self.viewer('anonymous')
# Register to object_permission site like django.contrib.admin
site.register(Entry, EntryObjectPermHandler)

views.py：

from django.views.generic import ListView
from django.views.generic import DetailView
from django.views.generic import CreateView
from django.views.generic import UpdateView
from django.views.generic import DeleteView
from django.core.urlresolvers import reverse

from object_permission.decorators import permission_required

from models import Entry
from forms import EntryForm

class EntryListView(ListView):
    model = Entry

class EntryDetailView(DetailView):
    model = Entry
    slug_field = 'title'

    # decorate 'dispatch' method without method_decorator
    @permission_required('blog.view_entry')
    def dispatch(self, *args, **kwargs):
        return super(EntryDetailView, self).dispatch(*args, **kwargs)

# You can use the decorator as View class decorator
# Then automatically decorate 'dispatch' method of the View
@permission_required('blog.add_entry')
class EntryCreateView(CreateView):
    form_class = EntryForm
    model = Entry

@permission_required('blog.change_entry')
class EntryUpdateView(UpdateView):
    form_class = EntryForm
    model = Entry

@permission_required('blog.delete_entry')
class EntryDeleteView(DeleteView):
    model = Entry
    def get_success_url(self):
        return reverse('blog-entry-list')

index.html：

{% load object_permission_tags %}
<html>
<head>
        <title>django-object-permission example</title>
</head>
<body>
        {% pif 'blog.add_entry' of None or 'blog.change_entry' of object or 'blog.delete_entry' of object %}
        <!-- displayed only user who has `blog.add_entry` permission,
                `blog.change_entry` permision for object or
                `blog.delete_entry` permission for object -->
                <h2>Toolbox</h2>
                {% pif 'blog.add_entry' of object %}
                        <!-- displayed only user who has `blog.add_entry` permission -->
                        <a href="{% url 'blog-entry-create' %}">Add New Entry</a>
                {% endpif %}
                {% pif object and 'blog.change_entry' of object %}
                        <!-- displayed only user who has `blog.change_entry` permission for object -->
                        <a href="{% url 'blog-entry-update' object.pk %}">Change this entry</a>
                {% endpif %}
                {% pif object and 'blog.delete_entry' of object %}
                        <!-- displayed only user who has `blog.delete_entry` permission for object -->
                        <a href="{% url 'blog-entry-delete' object.pk %}">Delete this entry</a>
                {% endpif%}
        {% endpif %}
</body>
</html>

设置

OBJECT_PERMISSION_EXTRA_DEFAULT_PERMISSIONS

所有模型的额外默认权限列表。Django贡献 默认为所有模型的“添加”、“更改”和“删除”权限。

默认值：['view']

OBJECT_PERMISSION_BUILTIN_TEMPLATETAGS

如果这是真的，那么pif将被内置在templatetags中，这意味着您不需要 在使用pif标记之前，需要添加{% load object_permission_tags %}。

默认值：True

OBJECT_PERMISSION_AUTODISCOVER

启用自动发现功能。对象权限自动搜索“ophandler” （或OBJECT_PERMISSION_HANDLER_MODULE_NAME）模块，用于每个应用程序和加载。

默认值：True

OBJECT_PERMISSION_HANDLER_MODULE_NAME

用于搜索每个应用程序的对象权限处理程序模块。

默认值：'ophandler'

OBJECT_PERMISSION_DEPRECATED

如果这是真的，则加载所有不推荐的功能。你不应该开玩笑 除非您的项目太大，无法进行重构，因为不推荐使用此功能 不再受支持和限制。

将在0.5版中删除

OBJECT_PERMISSION_MODIFY_FUNCTION（已弃用）

为对象的“修改对象”权限保存对象时设置函数的名称。 默认值是modify_object_permission

OBJECT_PERMISSION_MODIFY_M2M_FUNCTION（已弃用）

为修改对象权限更新对象的多人关系时设置函数名 对于对象。默认值是modify_object_permission_m2m