Django 1.2 object level permissions - third party solutions?

Since Django 1.2 final is almost out, I am curious if there are already projects that use the new object level permissions / row level permissions system. Django-authority, which is a possible solution for Django up to 1.1, has not been updated for a while, and does not (yet) use the new permissions system. It seems to me that Django-Authority is in a comatose state.

Does someone know about upcoming or maybe even finished solutions? I'd appreciate any good links to active projects with at least some downloadable content very much.


Asked by: Lenny612 | Posted: 06-12-2021






Answer 1

I used https://github.com/lukaszb/django-guardian when it was still in version 0.2 on a project and it was rather complete and bug free.

Yes I did have to write my own 'check_permission' view decorator as at the time it didn't have it included yet - but at least from version 1.0 it is there.

The author was also very quick to respond to an issue I had migrating from 0.2 - overall I've been happy with it and hence made it part of my project skeleton template.

Answered by: John669 | Posted: 07-01-2022



Answer 2

Finally, I found really good stuff: Florian Apolloner wrote a howto on djangoadvent: http://djangoadvent.com/1.2/object-permissions/ Now that's what I'm gonna use :)

Something useful might be as well: http://github.com/washingtontimes/django-objectpermissions (link dead as of 2011-07-18)

Answered by: Freddie459 | Posted: 07-01-2022



Answer 3

I have released a Django-app called django-rules which lets you manage per object permissions in a flexible, dynamic and scalable way. You might want to check it out.

Answered by: Julian926 | Posted: 07-01-2022



Answer 4

I tried using django-granular-permissions for a site a while ago, but was unable to get it to do what I needed (this may have been my own inability to understand what I needed to do rather than the app). Looking at the google code site's updates tab, it looks to not have had any work done on it since Summer/Autumn last year so it may be another dead duck.

Answered by: Fenton363 | Posted: 07-01-2022



Answer 5

OSU Open Source Labs has an implementation of object level permissions here

Answered by: Luke180 | Posted: 07-01-2022



Answer 6

First of all, the main source of information is djangopackages.com's perms grid: "A grid of all packages implementing permissions for users and groups in your Django project". (Beware some packages are named very similarly, e.g. an 's' or a dash is the only difference)

Then, reviewing each package features (considering only the somewhat-actively maintained subset), these are the main candidates:

  • django-guardian: “implementation of per object permissions as authorization backend which is supported since Django 1.2.” pypi, repo, docs.

  • django-permissions: “Generic per-object permissions for Django”. “django-permissions provides per-object permissions for Django on roles”. pypi, original repo, most updated fork, docs.

  • django-authority: “provides generic per-object-permissions for Django's auth app.” “Django app for per-object-permissions that includes a bunch of helpers to create custom permission checks.” pypi, original repo, most updated fork, docs.

There are others that for one reason or the other did not make the cut:

PS: This answer was written according to the current state of open source packages, more than 2 years after the question was asked. Although not too thorough, I hope this work will help those that are in the same situation I was.

Answered by: Roman224 | Posted: 07-01-2022



Similar questions

zip - Set permissions on a compressed file in python

I have a file test.txt that is inside a zip archive test.zip. The permissions on test.txt are out of my control when it's compressed, but now I want them to be group-writeable. I am extracting the file with Python, and don't want to escape out to the shell. EDIT: Here's what I've got so far: import zipfile z = zipfile.ZipFile('test.zip', 'w'...


python - Will Django be a good choice for a permissions based web-app?

I've been exploring the details of Django for about a week now and like what I see. However I've come upon some.. negativity in relation to fine-grained control of permissions to the CRUD interface. What I'm writing is an Intranet client management web-app. The organisation is about 6 tiers, and I need to restrict access to client groups based on tiers. Continually expanding. I have a fairly good idea how I'm going...


python - Amazon S3 permissions

Trying to understand S3...How do you limit access to a file you upload to S3? For example, from a web application, each user has files they can upload, but how do you limit access so only that user has access to that file? It seems like the query string authentication requires an expiration date and that won't work for me, is there another way to do this?


chmod - check permissions of directories in python

i want a python program that given a directory, it will return all directories within that directory that have 775 (rwxrwxr-x) permissions thanks!


python - Permissions for a site only

I have a multilingual Django project. Every language is a different subdomain. So we've decided to use the "sites" application and to create one different site for every language. On that project, I also have a "pages" application, which is quite similar to a CMS. The user can create pages with content and they'll be displayed in the appropriate language site. Now I'm looking to be able to manage advanced p...


python - DB Permissions with Django unit testing

Disclaimer: I'm very new to Django. I must say that so far I really like it. :) (now for the "but"...) But, there seems to be something I'm missing related to unit testing. I'm working on a new project with an Oracle backend. When you run the unit tests, it immediately gives a permissions error when trying to create the schema. So, I get what it's trying to do (create a clean sandbox), but what...


python - How do I change permissions to a socket?

I am trying to run a simple Python based web server given here. And I get the following error message: Traceback (most recent call last): File "webserver.py", line 63, in <module> main() File "webserver.py", line 55, in main server = HTTPServer(('', 80), MyHandler) File "/usr/lib/python2.5/SocketSe...


linux - Dropping Root Permissions In Python

I'd like to have a Python program start listening on port 80, but after that execute without root permissions. Is there a way to drop root or to get port 80 without it?


setting permissions of python module (python setup install)

I am configuring a distutils-based setup.py for a python module that is to be installed on a heterogeneous set of resources. Due to the heterogeneity, the location where the module is installed is not the same on each host however disutils picks the host-specific location. I find that the module is installed without o+rx permissions using disutils (in spite of setting umask ahead of running setup.py). One solutio...


python - Django Inlines user permissions + view only - permissions issues

I'm not sure if this is a bug or I'm just missing something (although I have already parsed the documentation about inlines), but: Let's say I have a model A. Model A is an inline of model B. User U has full access to model B, but only change permissions to model A (so, no add, nor delete). However, when editing model B, user U can still see the "Add another A" link at the bottom, although U hasn't add perm...






Still can't find your answer? Check out these communities...



PySlackers | Full Stack Python | NHS Python | Pythonist Cafe | Hacker Earth | Discord Python



top