
I'm using Django 1.6 with REST. I'm trying to incorporate object-level as well as system-level permissions into my app. After reading a bit I found that django-guardian is the best way to go (as it plays nice with all the other apps).

I'm a bit confused though about how system level permissions and object level permissions are being handled together. For example,

from django.db import models

class Item(models.Model):
    ...
    class Meta:
        permissions = (
            ("item_create", "Can create an item"),  # System privilege
            ("item_update", "Can update the item"),
            ("item_delete", "Can delete the item"),
            ("item_read", "Can view the item"),
        )

I started writing my permissions.py when I realized that I'm not entirely certain how to test for item_create, given that I don't have an item instance yet (nor should I for a system privilege).

Appreciate any words about the difference and / or how to manage them both and how the two play together.

haki

1 Answer

  1. For Guardian permissions see the django-guardian docs: http://django-guardian.rtfd.org/
  2. For Django system permissions see: https://docs.djangoproject.com/en/dev/topics/auth/default/#default-permissions

You probably must define your own methods in which the permission checking is done. Pseudo-Code:

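from guardian.core import ObjectPermissionChecker

def check_perm(user, perm, obj=None):
    if is_system_permission(perm):  # helper you define yourself
        return user.has_perm(perm)  # model-level check, no instance needed
    # object-level check through django-guardian
    return ObjectPermissionChecker(user).has_perm(perm, obj)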

Cheers

Malte Jacobson
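
A DRF-style permission class for the question's Item permissions, as an added example that is not part of the question or the answer: the system-level `item_create` check runs where no instance exists yet, and the other three run per object. Assumptions: the app label `shop`, guardian's `ObjectPermissionBackend` listed in `AUTHENTICATION_BACKENDS`, and the constructed `StubUser`/`StubRequest` stand-ins; in a project the class would subclass `rest_framework.permissions.BasePermission`.

```python
# Added example. Assumptions: app label "shop", and guardian's
# ObjectPermissionBackend listed in AUTHENTICATION_BACKENDS so that
# user.has_perm(perm, obj) consults per-object grants.
APP = "shop"  # assumed app label

# HTTP method -> codename from Item.Meta.permissions
OBJECT_PERMS = {
    "GET": "item_read", "HEAD": "item_read",
    "PUT": "item_update", "PATCH": "item_update",
    "DELETE": "item_delete",
}
SYSTEM_PERMS = {"POST": "item_create"}  # checked without an instance


class ItemPermission(object):
    """Duck-typed DRF permission class (plain class so it runs without Django)."""

    def has_permission(self, request, view):
        # Runs before any object is loaded: the place for system-level checks.
        if request.method in SYSTEM_PERMS:
            return request.user.has_perm("%s.%s" % (APP, SYSTEM_PERMS[request.method]))
        # Object-scoped methods are decided in has_object_permission;
        # anything unmapped (e.g. OPTIONS, TRACE) is denied by default.
        # List views never reach has_object_permission: filter their queryset.
        return request.method in OBJECT_PERMS

    def has_object_permission(self, request, view, obj):
        codename = OBJECT_PERMS.get(request.method)
        if codename is None:
            return False
        perm = "%s.%s" % (APP, codename)
        user = request.user
        # Per-object grant (guardian) OR a global grant of the same permission.
        # Drop the second clause if global grants must not imply object access.
        return user.has_perm(perm, obj) or user.has_perm(perm)


class StubUser(object):
    """Constructed stand-in for django.contrib.auth User, for offline runs."""

    def __init__(self, system=(), per_object=()):
        self.system, self.per_object = set(system), set(per_object)

    def has_perm(self, perm, obj=None):
        if obj is None:
            return perm in self.system
        return (perm, obj) in self.per_object


class StubRequest(object):
    def __init__(self, method, user):
        self.method, self.user = method, user
```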