eggplant.permissions package¶
Submodules¶
eggplant.permissions.admin module¶
eggplant.permissions.models module¶
Permission philosophy:
- Be explicit! Uses boolean fields for specific tasks
- Be SQL friendly, create permissions that are nice to work with in query set lookups
- Put logic in decorators
-
class
eggplant.permissions.models.
Permission
(*args, **kwargs)[source]¶ Bases:
django.db.models.base.Model
Permission roles are a set of permissions. Permissions are modeled as booleans in this model.
What can a user do? Examples from discussion of different roles:
A user is a superuser: Don’t put it here – THIS IS FOR THE global User.is_superuser field!!
A user can create and manage all departments.: E.g. someone from the central commission can add a new department and close an existing one.
A user is a department manager: Can create and delete accounts and user profiles for everyone in a department.
A user is an “intro vagt”: Someone who can create new accounts
A user is a team link: Can manage volunteer shifts
A user owns an account: Can add credit card, can add others to the account
CONCEPT OF THIS MODEL: Create boolean fields for different permissions, create lots of them! We want to be very explicit.
-
exception
DoesNotExist
¶ Bases:
django.core.exceptions.ObjectDoesNotExist
-
exception
MultipleObjectsReturned
¶ Bases:
django.core.exceptions.MultipleObjectsReturned
-
all_permissions
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
can_add_user_profiles
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
can_change_account
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
id
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
name
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
objects
= <django.db.models.manager.Manager object>¶
-
userprofile_set
¶ Accessor to the related objects manager on the forward and reverse sides of a many-to-many relation.
In the example:
class Pizza(Model): toppings = ManyToManyField(Topping, related_name='pizzas')
pizza.toppings
andtopping.pizzas
areManyToManyDescriptor
instances.Most of the implementation is delegated to a dynamically defined manager class built by
create_forward_many_to_many_manager()
defined below.
-
userprofilepermission_set
¶ Accessor to the related objects manager on the reverse side of a many-to-one relation.
In the example:
class Child(Model): parent = ForeignKey(Parent, related_name='children')
parent.children
is aReverseManyToOneDescriptor
instance.Most of the implementation is delegated to a dynamically defined manager class built by
create_forward_many_to_many_manager()
defined below.
-
exception
-
class
eggplant.permissions.models.
UserProfilePermission
(*args, **kwargs)[source]¶ Bases:
django.db.models.base.Model
Link between a user profile and a set of permissions (a role).
Example 1:
Check if a user has user creation access to a department: can_add_users = department.userprofilepermission_set.filter( user_profile__user=request.user, permission__can_add_user_profiles=True ).exists() if can_add_users: obama_speech = "YES WE CAN" print(obama_speech) Example 2: Check if user can manage an account, like changing the data: can_change_account = account.userprofilepermission_set.filter( user_profile__user=request.user, permission__can_change_accounts=True, ) if not can_change_account: return HttpNotAllowed("piss off")
TODO: Create decorators to manage this easier!
-
exception
DoesNotExist
¶ Bases:
django.core.exceptions.ObjectDoesNotExist
-
exception
MultipleObjectsReturned
¶ Bases:
django.core.exceptions.MultipleObjectsReturned
-
account
¶ Accessor to the related object on the forward side of a many-to-one or one-to-one relation.
In the example:
class Child(Model): parent = ForeignKey(Parent, related_name='children')
child.parent
is aForwardManyToOneDescriptor
instance.
-
account_id
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
department
¶ Accessor to the related object on the forward side of a many-to-one or one-to-one relation.
In the example:
class Child(Model): parent = ForeignKey(Parent, related_name='children')
child.parent
is aForwardManyToOneDescriptor
instance.
-
department_id
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
id
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
is_global
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
objects
= <django.db.models.manager.Manager object>¶
-
permission
¶ Accessor to the related object on the forward side of a many-to-one or one-to-one relation.
In the example:
class Child(Model): parent = ForeignKey(Parent, related_name='children')
child.parent
is aForwardManyToOneDescriptor
instance.
-
permission_id
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
user_profile
¶ Accessor to the related object on the forward side of a many-to-one or one-to-one relation.
In the example:
class Child(Model): parent = ForeignKey(Parent, related_name='children')
child.parent
is aForwardManyToOneDescriptor
instance.
-
user_profile_id
¶ A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
-
exception