A simple proposal to add roles

[suriya]

There has been some discussion in the past #23 about adding roles support in django-guardian. However, it did not move far. This is probably because adding roles to django-guardian seems like a very complex task.

I think I have a very simple proposal. I would like to put it forward and if there is interest, implement it. At present, I have my own fork of django-guardian which this functionality. It would be great to see this used by others as well.

The core of django-guardian's permission checking for a view is implemented in the function get_403_or_None(). This function checks that a user has all the required permissions. https://github.com/lukaszb/django-guardian/blob/112c373f213a19d93baa81fa4a941a41333115b5/guardian/utils.py#L98

has_permissions = all(request.user.has_perm(perm, obj) for perm in perms)

Supporting roles is a minor change. Instead of checking that a user has all permissions, we simply have to check whether a user satisfies at least one permission. Something like

if require_all_permissions:
    has_permissions = all(request.user.has_perm(perm, obj) for perm in perms)
else:
    has_permissions = any(request.user.has_perm(perm, obj) for perm in perms)

should do it. To add this support, all we need is to define a new flag in get_403_or_None() and its callers that specifies whether we want all or just some permissions to be satisfied.

[brianmay]

Copied text to #23.

[brianmay]

Moving discussion to #23.