Thursday, September 30, 2010

Re: Need opinion for an object permission rule backend

The license is a 3-clause BSD style license, it's compatible with
Django's license as far as I know.

On Sep 30, 1:55 pm, Miguel Araujo <muchoch...@gmail.com> wrote:
> Hi Michael,
>
> I have been looking at your project, django.extauth and I have to say I
> really like its architecture and permission handling. I have to say that my
> rule system is kind of the same thing of your role system, except mine is
> less flexible. I'm going to look a little bit the code, install it and see
> if I can help you with anything.
>
> Only thing that cached my eye is that code is Copyrighted. Why not using an
> Open-source license?
>
> Thanks for your mail, regards
> Miguel Araujo
>
> 2010/9/30 mhall119 <mhall...@gmail.com>
>
>
>
> > I've recently open-sourced some code that I developed for my work
> > projects that may do at least part of what you need:
> >http://bitbucket.org/mhall119/django-extauth/wiki/Home
>
> > The basic idea is that you define a "role" that is a relationship
> > between a user and an instance of a given Model.  With your example,
> > you would created an "owner" role for your model, that somehow links
> > the user instance to the model instance.  Usually you do this directly
> > via a ForeignKey in your model, but they can be as complex as you want
> > them to be.
>
> > On Sep 30, 9:50 am, Miguel Araujo <muchoch...@gmail.com> wrote:
> > >  Hi everyone,
>
> > > I have been recently thinking about an object permission system. After
> > > reviewing Florian Apolloner (apollo13) patch for ticket
> > > #11010<http://code.djangoproject.com/ticket/11010> and
> > > reading his article at Django
> > > Advent<http://djangoadvent.com/1.2/object-permissions/>.
> > > I though about creating an Object Permission Rule Backend. The purpose of
> > > this message is explain you my idea, so I can receive feedback from
> > Django
> > > users and developers. This way I would like to discern if it's worth
> > coding
> > > it or if it's a good approach to a reusable solution.
>
> > > I will reuse apollo's code to elaborate my idea. My Backend would look
> > > similar to:
>
> > > class ObjectPermBackend(object):
> > >     supports_object_permissions = True
> > >     supports_anonymous_user = True
>
> > >     def authenticate(self, username, password):
> > >         return None
>
> > >     def has_perm(self, user_obj, perm, obj=None):
> > >         if not user_obj.is_authenticated():
> > >             user_obj = User.objects.get(pk=settings.ANONYMOUS_USER_ID)
>
> > >         if obj is None:
> > >             return False
>
> > >         ct = ContentType.objects.get_for_model(obj)
>
> > >         try:
> > >             perm = perm.split('.')[-1].split('_')[0]
> > >         except IndexError:
> > >             return False
>
> > > # Simplified rule system
> > >         # Of course objects should extend an interface
> > > if (perm == "ownage")
> > > return obj.is_owned_by(user_obj)
>
> > > elif (perm == "edit")
> > > return obj.can_be_edited_by(user_obj)
>
> > > # Here be Dragons
>
> > > As I love decorators, I would like to create a permission_required
> > decorator
> > > that accepted more than a parameter, so:
>
> > > @permission_required('app.code_name') would
> > > become @permission_required('app.code_name', FLAG)
>
> > > If the FLAG is set the decorator searches in the model associated to the
> > > content type of the permission, for the name of the field for the PK. For
> > > the example imagine idArticle. Now it instantiates an object of that
> > model
> > > with Model.objects.get(pk=request.idArticle). So it would be necessary to
> > > match request parameters to model fileds (This is the best idea I've come
> > up
> > > with). Once it has the right object, it passes it to the backend for
> > > permission checks.
>
> > > I know I could do a decorator like @own_article but I'm looking for a
> > more
> > > reusable solution, that I would make open source and release at Github.
>
> > > What do you think? Is it feasible and well laid out?
>
> > > Thanks, best regards
> > > Miguel Araujo
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Django users" group.
> > To post to this group, send email to django-users@googlegroups.com.
> > To unsubscribe from this group, send email to
> > django-users+unsubscribe@googlegroups.com<django-users%2Bunsubscribe@google groups.com>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/django-users?hl=en.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

No comments:

Post a Comment