Django group based User Access Control

2018-06-26 05:46:56

In my Django admin i added new field called privilage class along with groups and user permissions .

so, my user table having privilage_class based on i am giving access to multiple groups. each groups having user_permissions.

I made admin setup but permissions was not implemented . what to do beyond?

for eg:

user having priv class executive 
Privilege class if executive he having access to multiple groups->
    Assets
    Billing
    etc

Each groups carries user permissions (URL),

Assets -> assets related URL
Billing -> related URLs
etc...

setup has been done. but dont know how to apply permission.

i know difficult to understand but pro will understand. so kindly help me regarding this.

i am using django and DRF as well

Thanks in advance!

You have to write your own custom permission class to decide what to do when a user belongs to a particular privilege class. This url [1] has the docs to implement it.

An example implementation:

class UserPrevilagePermission(permissions.BasePermission):

    def has_permission(self, request, view):
        user = request.user
        # check if the user has required permission based on request url
        if 'assets' in request.path:
           # decide which perm to check
           if user.has_perm('perm-name-to-check'):
               return True
        return False

Now use this permission class in your views as explained here [2].

Check out django's permission methods on the user object from here [3].

[1] http://www.django-rest-framework.org/api-guide/permissions/#custom-permissions

[2] http://www.django-rest-framework.org/api-guide/permissions/#setting-the-permission-policy

[3] https://docs.djangoproject.com/en/1.11/ref/contrib/auth/#methods

链接地址: http://www.djcxy.com/p/73404.html

上一篇: 如何防止流星观看文件？

下一篇: 基于Django组的用户访问控制