Skip to content
/ django-rest-access Public

Django REST Framework permissions backend based on the django-access package

License

LGPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nnseva/django-rest-access

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits

example

example

 
 

rest_access

rest_access

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

README.rst

README.rst

 
 

build.sh

build.sh

 
 

create-version.sh

create-version.sh

 
 

setup.cfg

setup.cfg

 
 

setup.py

setup.py

 
 

tox.ini

tox.ini

 
 

Repository files navigation

Build Status

Django-REST-Access

The Django-REST-Access package provides a permissions backend for the Django REST Framework using access rules defined by the Django-Access package.

Installation

Stable version from the PyPi package repository

pip install django-rest-access

Last development version from the GitHub source version control system

pip install git+git://github.com/nnseva/django-rest-access.git

Configuration

Include the rest_framework, access, and rest_access applications into the INSTALLED_APPS list, like:

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    ...
    'rest_framework',
    'access',
    'rest_access',
    ...
]

Using

Define access rules

Define access rules as it is described in the Django-Access package documentation.

Serializer Mixin

Use rest_access.access.AccessSerializerMixin as a first of base classes for every Serializer in your API description which should be controlled by access rules defined using Django-Access package, like:

from rest_framework import serializers, viewsets
from rest_access.access import AccessSerializerMixin
from django.contrib.auth.models import User, Group

...

class GroupSerializer(AccessSerializerMixin, serializers.HyperlinkedModelSerializer):
    class Meta:
        model = Group
        fields = ('url', 'id', 'name')

Authorization backend to use

The authorization backend rest_access.access.AccessPermission should be used as the both, permission control backend and filtering class.

The rest_access.access.AccessPermission can be used together with other permission control backends and filtering classes without restrictions.

Using authorization backend individually for selected model views

You can assign a permissions control backend and filtering class for the sole, or some subset of model views or viewsets like it is described in the Django REST Framework permission documentation and Django REST Framework filtering documentation correspondingly:

from rest_framework import serializers, viewsets
...

class SomeModelViewSet(viewsets.ModelViewSet):
    ...
    permission_classes = ['rest_access.access.AccessPermission']
    filter_backends = ['rest_access.access.AccessPermission']

Using authorization backend as a default one

You can assign a permission control backend and filtering class as default ones for all views in the project using settings module as it is described in the Django REST Framework settings documentation:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_access.access.AccessPermission'
    ],
    'DEFAULT_FILTER_BACKENDS': [
        'rest_access.access.AccessPermission'
    ],
}

About

Django REST Framework permissions backend based on the django-access package

Topics

django dynamic django-rest-framework permissions evaluation drf django-rest guard authorization access access-control instance-level authority authorization-backend row-level django-access evaluation-based permissions-backend

Resources

Readme

License

LGPL-3.0 license
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages