Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HasObjectPermissionMixin #48

Open
filipeximenes opened this issue Jun 21, 2016 · 4 comments
Open

HasObjectPermissionMixin #48

filipeximenes opened this issue Jun 21, 2016 · 4 comments

Comments

@filipeximenes
Copy link
Contributor

filipeximenes commented Jun 21, 2016
edited 

from django.contrib.auth.views import redirect_to_login
from django.core.exceptions import PermissionDenied
from django.conf import settings

from rolepermissions.verifications import has_object_permission


class HasObjectPermissionMixin(object):
    checker_name = ''

    def dispatch(self, request, *args, **kwargs):
        user = request.user
        if user.is_authenticated():
            self.object = self.get_object()
            if has_object_permission(self.checker_name, request.user, self.object):
                return super().dispatch(request, *args, **kwargs)

        if hasattr(settings, 'ROLEPERMISSIONS_REDIRECT_TO_LOGIN'):
            return redirect_to_login(request.get_full_path())

        raise PermissionDenied
@filipeximenes filipeximenes changed the title CheckObjectPermissionMixin mixin CheckObjectPermissionMixin Jun 21, 2016
@filipeximenes filipeximenes changed the title CheckObjectPermissionMixin HasObjectPermissionMixin Jun 22, 2016
@matteing
Copy link

This is great, thanks.

@matteing
Copy link

I made a few modifications to allow use of messaging framework, and allow guests if an object is published for example. Hope it's of use to someone:

class HasObjectPermissionMixin(object):
    checker_name = ''
    checker_allow_guests = False
    checker_denied_message = None

    def dispatch(self, request, *args, **kwargs):
        user = request.user
        if user.is_authenticated() or self.checker_allow_guests:
            self.object = self.get_object()
            if has_object_permission(self.checker_name, request.user, self.object):
                return super().dispatch(request, *args, **kwargs)

        if hasattr(settings, 'ROLEPERMISSIONS_REDIRECT_TO_LOGIN'):
            if self.checker_denied_message:
                messages.add_message(request, messages.INFO,
                                    self.checker_denied_message)
            return redirect_to_login(request.get_full_path())

        raise PermissionDenied

@adi-
Copy link

adi- commented Aug 23, 2023

Why this is not implemented in official release yet?

@fjsj
Copy link
Member

fjsj commented Sep 5, 2023

Because there are no developers with enough free time to implement this, test this, and ensure it has a good API.
Feel free to open a PR, though. @adi-

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@adi- @fjsj @filipeximenes @matteing