1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114
|
===============
django-guardian
===============
.. image:: https://travis-ci.org/django-guardian/django-guardian.svg?branch=devel
:target: https://travis-ci.org/django-guardian/django-guardian
``django-guardian`` is an implementation of per object permissions [1]_ on top
of Django's authorization backend
Documentation
-------------
Online documentation is available at https://django-guardian.readthedocs.io/.
Requirements
------------
* Python 2.7 or 3.4+
* A supported version of Django (currently 1.8+)
Travis CI tests on Django version 1.8, 1.10, and 1.11.
Installation
------------
To install ``django-guardian`` simply run::
pip install django-guardian
Configuration
-------------
We need to hook ``django-guardian`` into our project.
1. Put ``guardian`` into your ``INSTALLED_APPS`` at settings module:
.. code:: python
INSTALLED_APPS = (
...
'guardian',
)
2. Add extra authorization backend to your ``settings.py``:
.. code:: python
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend', # default
'guardian.backends.ObjectPermissionBackend',
)
3. Create ``guardian`` database tables by running::
python manage.py migrate
Usage
-----
After installation and project hooks we can finally use object permissions
with Django_.
Lets start really quickly:
.. code:: python
>>> from django.contrib.auth.models import User, Group
>>> jack = User.objects.create_user('jack', 'jack@example.com', 'topsecretagentjack')
>>> admins = Group.objects.create(name='admins')
>>> jack.has_perm('change_group', admins)
False
>>> from guardian.models import UserObjectPermission
>>> UserObjectPermission.objects.assign_perm('change_group', jack, obj=admins)
<UserObjectPermission: admins | jack | change_group>
>>> jack.has_perm('change_group', admins)
True
Of course our agent jack here would not be able to *change_group* globally:
.. code:: python
>>> jack.has_perm('change_group')
False
Admin integration
-----------------
Replace ``admin.ModelAdmin`` with ``GuardedModelAdmin`` for those models
which should have object permissions support within admin panel.
For example:
.. code:: python
from django.contrib import admin
from myapp.models import Author
from guardian.admin import GuardedModelAdmin
# Old way:
#class AuthorAdmin(admin.ModelAdmin):
# pass
# With object permissions support
class AuthorAdmin(GuardedModelAdmin):
pass
admin.site.register(Author, AuthorAdmin)
.. [1] Great paper about this feature is available at `djangoadvent articles <https://github.com/djangoadvent/djangoadvent-articles/blob/master/1.2/06_object-permissions.rst>`_.
.. _Django: http://www.djangoproject.com/
|