Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/allisson/django-rest-framework-role-filters

Simple role filtering for django-rest-framework
https://github.com/allisson/django-rest-framework-role-filters

django python rest-framework role

Last synced: 3 months ago
JSON representation

Simple role filtering for django-rest-framework

Awesome Lists containing this project

README

        

django-rest-framework-role-filters
==================================

.. image:: https://github.com/allisson/django-rest-framework-role-filters/workflows/tests/badge.svg
:target: https://github.com/allisson/django-rest-framework-role-filters/actions

.. image:: https://img.shields.io/pypi/v/djangorestframework-role-filters.svg
:target: https://pypi.python.org/pypi/djangorestframework-role-filters

.. image:: https://img.shields.io/github/license/allisson/django-rest-framework-role-filters.svg
:target: https://pypi.python.org/pypi/djangorestframework-role-filters

.. image:: https://img.shields.io/pypi/pyversions/djangorestframework-role-filters.svg
:target: https://pypi.python.org/pypi/djangorestframework-role-filters

How to install
--------------

.. code:: shell

pip install djangorestframework-role-filters

Why i wrote this project?
-------------------------

I want work easily with roles without multiple ifs in code

How to use
----------

Create role_filters.py with your roles definitions

.. code:: python

from rest_framework_role_filters.role_filters import RoleFilter

from .serializers import PostSerializerForUser

class AdminRoleFilter(RoleFilter):
role_id = 'admin'

class UserRoleFilter(RoleFilter):
role_id = 'user'

def get_allowed_actions(self, request, view, obj=None):
# This example returns same list both for "global permissions" check,
# and for "object" permissions, but different list may be returned
# if `obj` argument is not None, and this list will be used to check
# if action is allowed during call to `ViewSet.check_object_permissions`
return ['create', 'list', 'retrieve', 'update', 'partial_update']

def get_queryset(self, request, view, queryset):
queryset = queryset.filter(user=request.user)
return queryset

def get_serializer_class(self, request, view):
return PostSerializerForUser

def get_serializer(self, request, view, serializer_class, *args, **kwargs):
fields = (
'body',
'created_at',
'id',
'serializer_name',
'title',
'updated_at',
'user',
)
return serializer_class(*args, fields=fields, **kwargs)

Create viewset and override get_role_id method

.. code:: python

from rest_framework_role_filters.viewsets import RoleFilterModelViewSet

from .models import Post
from .role_filters import AdminRoleFilter, UserRoleFilter
from .serializers import PostSerializer

class PostViewSet(RoleFilterModelViewSet):
queryset = Post.objects.all()
serializer_class = PostSerializer
role_filter_classes = [AdminRoleFilter, UserRoleFilter]

def get_role_id(self, request):
return request.user.role.role_id

def perform_create(self, serializer):
serializer.save(user=self.request.user)

If role_id is 'admin':

* All actions are allowed
* The default queryset is returned - :code:`Post.objects.all()`
* The default :code:`serializer_class` is used - :code:`PostSerializer`
* The default viewset :code:`get_serializer` method is used

If role_id is 'user':

* Only actions 'create', 'list', 'retrieve', 'update', 'partial_update' are allowed
* The queryset is filtered by user
* The :code:`serializer_class=PostSerializerForUser` is used
* The serializer initializing with :code:`fields` kwargs (e.g. for modified serializer as described in
`DRF: Dynamically modifying fields `_)

Check `testapp example `_ code implementation.