Per object permissions for Django

Last update: Jan 04, 2023

Related tags

Django django-guardian

Overview

django-guardian

django-guardian is an implementation of per object permissions [1] on top of Django's authorization backend

Documentation

Online documentation is available at https://django-guardian.readthedocs.io/.

Requirements

Python 3.5+
A supported version of Django (currently 2.2+)

GitHub Actions run tests against Django versions 2.2, 3.0, 3.1, 3.2, and main.

Installation

To install django-guardian simply run:

pip install django-guardian

Configuration

We need to hook django-guardian into our project.

Put guardian into your INSTALLED_APPS at settings module:

INSTALLED_APPS = (
 ...
 'guardian',
)

Add extra authorization backend to your settings.py:

AUTHENTICATION_BACKENDS = (
    'django.contrib.auth.backends.ModelBackend', # default
    'guardian.backends.ObjectPermissionBackend',
)

Create guardian database tables by running:
```
python manage.py migrate
```

Usage

After installation and project hooks we can finally use object permissions with Django.

Lets start really quickly:

>>> from django.contrib.auth.models import User, Group
>>> jack = User.objects.create_user('jack', '[email protected]', 'topsecretagentjack')
>>> admins = Group.objects.create(name='admins')
>>> jack.has_perm('change_group', admins)
False
>>> from guardian.models import UserObjectPermission
>>> UserObjectPermission.objects.assign_perm('change_group', jack, obj=admins)
<UserObjectPermission: admins | jack | change_group>
>>> jack.has_perm('change_group', admins)
True

Of course our agent jack here would not be able to change_group globally:

>>> jack.has_perm('change_group')
False

Admin integration

Replace admin.ModelAdmin with GuardedModelAdmin for those models which should have object permissions support within admin panel.

For example:

from django.contrib import admin
from myapp.models import Author
from guardian.admin import GuardedModelAdmin

# Old way:
#class AuthorAdmin(admin.ModelAdmin):
#    pass

# With object permissions support
class AuthorAdmin(GuardedModelAdmin):
    pass

admin.site.register(Author, AuthorAdmin)

[1]	Great paper about this feature is available at djangoadvent articles.

Per object permissions for Django

Related tags

Overview

django-guardian

Documentation

Requirements

Installation

Configuration

Usage

Admin integration

Owner

Repo for All the Assignments I have to submit for Internship Application !😅

Django project starter on steroids: quickly create a Django app AND generate source code for data models + REST/GraphQL APIs (the generated code is auto-linted and has 100% test coverage).

Simple API written in Python using FastAPI to store and retrieve Books and Authors.

A fresh approach to autocomplete implementations, specially for Django.

Keep track of failed login attempts in Django-powered sites.

A Django application that provides country choices for use with forms, flag icons static files, and a country field for models.

A Django app that allows visitors to interact with your site as a guest user without requiring registration.

☄️ Google Forms autofill script

A app for managing lessons with Django

A django model and form field for normalised phone numbers using python-phonenumbers

📝 Sticky Notes in Django admin

Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

APIs for a Chat app. Written with Django Rest framework and Django channels.

Учебное пособие по основам Django и сопутствующим технологиям

Full control of form rendering in the templates.

:couple: Multi-user accounts for Django projects

Hotwired/Turbo Django response helpers

A django model and form field for normalised phone numbers using python-phonenumbers

User Authentication In Django/Ajax/Jquery

A blog app powered by python-django