RignonNoel
commented
3 years ago With this package you define the permissions from the models, so imagine for example that you maintain a blog project: you can create some custom permissions in your Article or Post models by adding some methods like:
class Post(models.Model):
[...]
@authenticated_users
def has_create_permission(request):
# Replace the code here for your own conditions
# In this example we will limit new Post to user that validated their emails before contributing to the Blog
return request.user.has_validated_email()You can based your condition on Django basic permissions or on a custom permissions system you maintain.
So do not hesitate to base your conditions on Django's Groups or Permissions
You will have the possibility to add some specific conditions like if the user have the right to edit a specific Article or Post based and if he's the author or not:
class Post(models.Model):
author = models.ForeignKey(User, on_delete=models.CASCADE)
@authenticated_users
def has_object_edit_permission(self, request):
return self.author.id == request.user.id
noobmaster19
Hello , sorry if this is a noob question. I am considering using this package to implement a RBAC system for my django x react application. However , reading through the documentations , im pretty confused as to how one would specify the user's permissions. In the django's default permissions system , this would be defined within the django administrator itself. Does this package follow on the same idea?