eggplant.permissions package

Submodules

eggplant.permissions.admin module

eggplant.permissions.models module

Permission philosophy:

  • Be explicit! Uses boolean fields for specific tasks
  • Be SQL friendly, create permissions that are nice to work with in query set lookups
  • Put logic in decorators
class eggplant.permissions.models.Permission(*args, **kwargs)[source]

Bases: django.db.models.base.Model

Permission roles are a set of permissions. Permissions are modeled as booleans in this model.

What can a user do? Examples from discussion of different roles:

A user is a superuser: Don’t put it here – THIS IS FOR THE global User.is_superuser field!!

A user can create and manage all departments.: E.g. someone from the central commission can add a new department and close an existing one.

A user is a department manager: Can create and delete accounts and user profiles for everyone in a department.

A user is an “intro vagt”: Someone who can create new accounts

A user is a team link: Can manage volunteer shifts

A user owns an account: Can add credit card, can add others to the account

CONCEPT OF THIS MODEL: Create boolean fields for different permissions, create lots of them! We want to be very explicit.

exception DoesNotExist

Bases: django.core.exceptions.ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: django.core.exceptions.MultipleObjectsReturned

all_permissions

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

can_add_user_profiles

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

can_change_account

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

name

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

objects = <django.db.models.manager.Manager object>
save(*args, **kwargs)[source]
userprofile_set

Accessor to the related objects manager on the forward and reverse sides of a many-to-many relation.

In the example:

class Pizza(Model):
    toppings = ManyToManyField(Topping, related_name='pizzas')

pizza.toppings and topping.pizzas are ManyToManyDescriptor instances.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

userprofilepermission_set

Accessor to the related objects manager on the reverse side of a many-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

parent.children is a ReverseManyToOneDescriptor instance.

Most of the implementation is delegated to a dynamically defined manager class built by create_forward_many_to_many_manager() defined below.

class eggplant.permissions.models.UserProfilePermission(*args, **kwargs)[source]

Bases: django.db.models.base.Model

Link between a user profile and a set of permissions (a role).

Example 1:

Check if a user has user creation access to a department:

can_add_users = department.userprofilepermission_set.filter(
    user_profile__user=request.user,
    permission__can_add_user_profiles=True
).exists()

if can_add_users:
    obama_speech = "YES WE CAN"
    print(obama_speech)

Example 2:
Check if user can manage an account, like changing the data:

can_change_account = account.userprofilepermission_set.filter(
    user_profile__user=request.user,
    permission__can_change_accounts=True,
)

if not can_change_account:
    return HttpNotAllowed("piss off")

TODO: Create decorators to manage this easier!

exception DoesNotExist

Bases: django.core.exceptions.ObjectDoesNotExist

exception MultipleObjectsReturned

Bases: django.core.exceptions.MultipleObjectsReturned

account

Accessor to the related object on the forward side of a many-to-one or one-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

child.parent is a ForwardManyToOneDescriptor instance.

account_id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

department

Accessor to the related object on the forward side of a many-to-one or one-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

child.parent is a ForwardManyToOneDescriptor instance.

department_id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

is_global

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

objects = <django.db.models.manager.Manager object>
permission

Accessor to the related object on the forward side of a many-to-one or one-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

child.parent is a ForwardManyToOneDescriptor instance.

permission_id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

user_profile

Accessor to the related object on the forward side of a many-to-one or one-to-one relation.

In the example:

class Child(Model):
    parent = ForeignKey(Parent, related_name='children')

child.parent is a ForwardManyToOneDescriptor instance.

user_profile_id

A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.

Module contents