Comments (3)
bauergeorg
commented on July 4, 2024
For detailed explaination:
I have users. They could be a member of a group. I can set Group/User permission for every specific deployment. And I want to set User/Group permissions for a project with a special type.
a) How could I ask guardian (in a elegant way) to list all deployments and projects by the logged in user?
b) How could I ask guardian (in a elegant way) to restrict site access?
from django-guardian.
bauergeorg
commented on July 4, 2024
By the meantime I tried to solve the problem with own functions:
def filter_auth_user_deployments(user, inputs):
# init empty list
result_list = []
deployments_with_permission = auth_user_deployments(user)
# filter deployments with permission
for input in inputs:
if input in deployments_with_permission:
result_list.append(input)
return result_list
# project permission managament
def auth_user_projects(user):
''' returns a queryset of projects allowed for auth user '''
# init an empty project list
project_list = []
# get checker
checker = ObjectPermissionChecker(user)
# get all projects
projects = Project.objects.all()
# prefetch the permissions
checker.prefetch_perms(projects)
# scan all projects
for project in projects:
# if user has permission to this project
if checker.has_perm('software.view_project', project):
# add to list
project_list.append(project.pk)
# get all deployments
deployments = Deployment.objects.all()
# prefetch the permissions
checker.prefetch_perms(deployments)
# scan all deployments
for deployment in deployments:
# if user has permission to a deployment of a project
if checker.has_perm('software.view_deployment', deployment):
# add to project list
if deployment.project.pk not in project_list:
project_list.append(deployment.project.pk)
# filter by a variable captured from url, for example
return projects.filter(pk__in=project_list)
# deployment permission managament
def auth_user_deployments(user):
''' returns a queryset of deployments allowed for auth user '''
# init an empty deployment list
deployment_list = []
# get checker
checker = ObjectPermissionChecker(user)
# init empty permission list of structs:
# {'project':<title>, 'codename':<perm_codename>, 'type':<name>}
auth_user_projects_list = []
# check user permission
user_permission = ProjectUserObjectPermission.objects.filter(user=user)
for values in user_permission.values():
project = Project.objects.get(id=values['content_object_id'])
perm_codename = Permission.objects.get(id=values['permission_id']).codename
type = DeploymentType.objects.get(id=values['type_id'])
add_struct = {'project':project.title, 'codename':perm_codename, 'type':type.name}
# add
auth_user_projects_list.append(add_struct)
# check group permission
# get groups
groups = user.groups.all()
for group in groups:
# check group permission
group_permission = ProjectGroupObjectPermission.objects.filter(group=group)
for values in group_permission.values():
project = Project.objects.get(id=values['content_object_id'])
perm_codename = Permission.objects.get(id=values['permission_id']).codename
type = DeploymentType.objects.get(id=values['type_id'])
add_struct = {'project':project.title, 'codename':perm_codename, 'type':type.name}
# add
auth_user_projects_list.append(add_struct)
# get all deployments
deployments = Deployment.objects.all()
# Prefetch the permissions
checker.prefetch_perms(deployments)
# scan all deployments
for deployment in deployments:
# if user has permission to this deployment
if checker.has_perm('software.view_deployment', deployment):
# add to list
deployment_list.append(deployment.pk)
# if user has permission to this project
else:
for auth_user_projects in auth_user_projects_list:
if auth_user_projects['project'] == deployment.project.title and auth_user_projects['codename'] == 'view_project' and auth_user_projects['type'] == deployment.type.name:
deployment_list.append(deployment.pk)
break
# filter by a variable captured from url, for example
return deployments.filter(pk__in=deployment_list)```from django-guardian.
kmmbvnr
commented on July 4, 2024
Isn't django-guaradian shortcut get-objects-for-user supports all required scenarious even with custom fk permissions models?
https://django-guardian.readthedocs.io/en/stable/api/guardian.shortcuts.html#get-objects-for-user
from django-guardian.
Related Issues (20)
- How to suggest a selection at dropdown menu on the admin site HOT 2
- get_perms returns empty list while get_user_perms returns permissions HOT 2
- Support `only_with_perms_in` in `shortcuts.get_groups_with_perms`
- has_perm returns False despite perms being present HOT 1
- Get objects with no permissions assigned HOT 1
- perfetch_perms fails on empty list
- Unable to create anonymous user HOT 3
- Improve performance of shortcuts HOT 3
- Assiging Permissions not Designed for the Class
- Enabling Discussions on the repo HOT 1
- N+1 Query
- [Feature Request] Add support for Django 4.2 HOT 2
- capture or provide way to capture change_permission events HOT 3
- Async support for PermissionRequiredMixin
- Async support for PermissionRequiredMixin HOT 2
- Provide a shortcut function for "reassigning" user permissions. HOT 1
- Performance Issue in filter_perms_queryset_by_objects
- `prefetch_terms(queryset)` evaluates queryset twice via `values_list()`
- assign_perm doesn't work for user permission, if group permission is already there
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-guardian.