Closed mjaquiery closed 8 months ago
I recommend squashing if/when we merge because the commits don't really make sense separately.
FYI I had to update pytest
to get the tests to run, so I hope they also run in the travis CI workflow.
@RignonNoel are you able to review these changes? It's a very helpful library and it'd be good to be able to use the updated version cleanly in my project if the changes are suitable for general release.
@RignonNoel @MelanieFJNR is anyone from FJNR watching this repository? I'm grateful you're officially supporting this project but I would appreciate a response to this PR, please.
Hi @mjaquiery , Thank you for your patience and your contribution. I will ask my colleague @RomainFayolle to review your PR during the week.
Thanks @RomainFayolle, @MelanieFJNR, and thanks again for adopting this useful project!
@mjaquiery thanks for the good work, and sorry for the delay. It is a useful PR, I like having the possibilities to add more details when possible. I Approved the changed but I would like to double check with @RignonNoel before merging, should be done today if it's all good.
Thanks @mjaquiery! We will prepare a new release and make that available on Pypi asap.
What have you changed ?
Added support for returning non-boolean values from permission methods.
dict
with 'message' (str) and 'code' (int) keys will allow you to provide a reason and custom HTTP status code in the responsestr
will allow you to provide a reason in the responseint
will allow you to provide a custom HTTP status code in the responsetuple
(message, code) will allow you to provide a reason and custom HTTP status code in the responseHow did you change it ? (architectural consideration)
Return values for
DRYPermissions.has_permission()
andDRYPermissions.has_object_permission()
are now run throughDRYPermissions._process_permission_result()
where non-boolean values are scraped for message/code information. That information is used to updateself.message
andself.code
, and boolean False is returned. This means that Django's genericAPIView.permission_denied()
method recieves the message and code for further processing.Is there a special consideration?
None that I'm aware of - should integrate with Django's preferred approach.
Verification :