Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/abogoyavlensky/drf-action-permissions

Flexible action level permissions for Django REST framework
https://github.com/abogoyavlensky/drf-action-permissions

action django django-rest-framework permissions python viewset

Last synced: 3 months ago
JSON representation

Flexible action level permissions for Django REST framework

Awesome Lists containing this project

README

        

drf-action-permissions
===

| Release | CI | Coverage |
|---------|----|----------|
|[![pypi](https://img.shields.io/pypi/v/drf-action-permissions.svg)](https://pypi.python.org/pypi/drf-action-permissions)|[![build](https://img.shields.io/travis/com/abogoyavlensky/drf-action-permissions.svg)](https://travis-ci.com/abogoyavlensky/drf-action-permissions)|[![codecov](https://img.shields.io/codecov/c/github/abogoyavlensky/drf-action-permissions.svg)](https://codecov.io/gh/abogoyavlensky/drf-action-permissions)|

Flexible ability to add action permissions on view level
for Django REST framework. Permissions can be as complex or simple as you want.
It can be a plain string or a function.

## Requirements

- Python (3.6+)
- Django (1.11.x, 2.0+)
- Django REST Framework (3.7+)

## Installation

```bash
$ pip install drf-common-exceptions
```

You cound define common permissions class for whole project:

```
REST_FRAMEWORK = {
...
"DEFAULT_PERMISSION_CLASSES": (
"drf_action_permissions.DjangoActionPermissions",
)
...
}
```

Or use it just for particular viewset in combination with others:

```python
from rest_framework.permissions import IsAuthenticated
from rest_framework.viewsets import ModelViewSet

from drf_action_permissions import DjangoActionPermissions

class MyView(viewsets.ModelViewSet):
permission_classes = (IsAuthenticated, DjangoActionPermissions)
perms_map_action = {
'retrieve': ['users.view_user'],
}
```

## Usage examples

Permission as string template or plain string:
```python
class PostViewSet(ModelViewSet):
permission_classes = (IsAuthenticated, DjangoActionPermissions)
perms_map_action = {
'likes': ['%(app_label)s.view_%(model_name)s_list',
'%(app_label)s.view_like_list'],
}
```

Permission as function with current object access:
```python
def can_view_application(user, _view, obj):
"""Can view only archived applications."""
if obj.is_archived:
return user.has_perm('applications.view_archived_application')
return user.has_perm('applications.view_application')

class ApplicationView(ModelViewSet):
permission_classes = (IsAuthenticated, DjangoActionPermissions)
perms_map_action_obj = {
'retrieve': [can_view_application],
}
```

## Development

Install poetry and requirements:

```bash
$ curl -sSL https://raw.githubusercontent.com/sdispater/poetry/master/get-poetry.py | python
$ python3 -m venv path/to/venv
$ source path/to/venv/bin/activate
$ poetry install
```

Run main commands:

```bash
$ make test
$ make watch
$ make clean
$ make lint
```

Publish to pypi by default patch version:
```bash
$ make publish
```

or any level you want:
```bash
$ make publish minor
```