Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/yourlabs/django-rules-light

Maintenance only
https://github.com/yourlabs/django-rules-light

Last synced: 4 days ago
JSON representation

Maintenance only

Awesome Lists containing this project

README 

        
.. image:: https://secure.travis-ci.org/yourlabs/django-rules-light.png?branch=master

    :target: http://travis-ci.org/yourlabs/django-rules-light

.. image:: https://img.shields.io/pypi/dm/django-rules-light.svg

    :target: https://crate.io/packages/django-rules-light

.. image:: https://img.shields.io/pypi/v/django-rules-light.svg   

    :target: https://crate.io/packages/django-rules-light



This is a simple alternative to django-rules. Its core difference is that

it does not rely on models. Instead, it uses a registry which can be

modified at runtime.



One of its goals is to enable developers of external apps to make rules,

depend on it, while allowing a project to override rules.



Example ``your_app/rules_light_registry.py``:



.. code-block:: python



    # Everybody can read a blog post (for now!):

    rules_light.registry['blog.post.read'] = True



    # Require authentication to create a blog post, using a shortcut:

    rules_light.registry['blog.post.create'] = rules_light.is_authenticated



    # But others shouldn't mess with my posts !

    def is_staff_or_mine(user, rule, obj):

        return user.is_staff or obj.author == user



    rules_light.registry['blog.post.update'] = is_staff_or_mine

    rules_light.registry['blog.post.delete'] = is_staff_or_mine



Example ``your_app/views.py``:



.. code-block:: python



    @rules_light.class_decorator

    class PostDetailView(generic.DetailView):

        model = Post



    @rules_light.class_decorator

    class PostCreateView(generic.CreateView):

        model = Post



    @rules_light.class_decorator

    class PostUpdateView(generic.UpdateView):

        model = Post



    @rules_light.class_decorator

    class PostDeleteView(generic.DeleteView):

        model = Post



You might want to read the `tutorial

`_ for

more.



What's the catch ?

------------------



The catch is that this approach does not offer any feature to get secure

querysets.



This means you have to:



- think about security when making querysets,

- `override

  `_

  eventual external app ListViews,



Requirements

------------



- Python 2.7+ (Python 3 supported)

- Django 1.8+



Quick Install

-------------



- Install module: ``pip install django-rules-light``,

- Add to ``settings.INSTALLED_APPS``: ``rules_light``,

- Add in ``settings.MIDDLEWARE_CLASSES`` (or ``settings.MIDDLEWARE`` for Django 1.10+): ``rules_light.middleware.Middleware``,



You might want to read the `tutorial

`_.



There is also a lot of documentation, from the core to the tools, including

pointers to debug, log and test your security.



Contributing

------------



Run tests with the `tox

`_ command. Documented patches passing all

tests have a better chance to get merged in. See `community guidelines

`_ for details.



Resources

---------



To ask questions or just get informed about package updates, you could

subscribe to the mailing list.



- `Mailing list graciously hosted

  `_ by `Google

  `_

- `Git graciously hosted

  `_ by `GitHub

  `_,

- `Documentation graciously hosted

  `_ by `RTFD

  `_,

- `Package graciously hosted

  `_ by `PyPi

  `_,

- `Continuous integration graciously hosted

  `_ by `Travis-ci

  `_