search

daisylb / bridgekeeper

Django permissions, but with QuerySets
https://bridgekeeper.leigh.party/
MIT License
41 stars 14 forks source link

The example for rules.ManyRelation is confusing #4

Closed YukinoHayakawa closed 5 years ago

YukinoHayakawa commented 6 years ago 
perms['foo.view_customer'] = ManyRelation(
    'agencies', Agency, Is(lambda user: user.agency))

The example in the doc seems to miss the parameter query_attr. The model relationships involved in this example are also not very clear. If the ManyToManyField is defined in Customer and I check this permission against that model, does this mean that the permission is granted if any agency in Customer.agencies is matched with user.agency?

YukinoHayakawa commented 6 years ago

By reading the code I figured out it first filter out instance from model that satisfying the rule, and grants the permission if any instance in attr is in that set. In this case it grants permission if any of agencies is user.agency.

daisylb commented 6 years ago

Yep, that's correct. Thanks for bringing the documentation error to my attention!

daisylb commented 5 years ago

I'm closing this because now that #3 is fixed, ManyRelation no longer takes those extra args anyway! Hooray!

Thanks again for checking out the project and reporting the error <3

YukinoHayakawa commented 5 years ago

I'm closing this because now that #3 is fixed, ManyRelation no longer takes those extra args anyway! Hooray!

Thanks again for checking out the project and reporting the error <3

It has been a long time and I don't actually even understand my question now since I haven't been dealing with database since then : )