Files changed (5)
+* User can have several roles, directly or via a membership to a group (these are considered as global).
+* User can have local roles, directly or via a membership to a group. That is roles for a specific object.
+**Example**: *Business* is a group that speficies the pricing scheme. *Maria* is a member of *Business*. *John* is not a member of any group.
+**Example**: Typical roles are *Reader*, *Manager* or *Editor*. Content objects may be the blogs "Django News" and "Python News". For the content object "Django News" is a local role defined as *EditorDjangoNews*. *Maria* is assigned to the role *Editor* and *John* is assigned the role *EditorDjangoNews*.
+* If roles are active (see :doc:`settings`) , principal must be a role; if roles are not active, it must be a user or a group.
+**Example**: A permission can either be assigend to the principal *John* (which is a user); or the principal *Editor* (which is a role).
+**Example**: *Can_Edit* is a permission that is specific to the blog content type. Everybody who has that permission for a specific blog, is allowed to edit this blog. The role *Editor* is granted the object permission to edit the blogs *Django News" and "Python News". The role *EditorDjangoNews* is granted the object permission to the edit the blog "Django News" only..
+* Controls, whether the roles concepts is enabled, i.e. whether permissions MUST be assigned to roles only. If False, permissions must be assigned to users or groups only.
+* If this settings is enabled, for each permission that is assigned to a content type, this content type (model calls), will get a check method for that specific permission. E.g. if the permission "edit" is assigned to the model Blog, the model class Blog will get the a method editable, such that you check if a user has the permission "edit" for the blog "Python News": Blog.get(name="Python News").edit(user)
+* If django-permissions adds the permission object check method to the model classes, the name might conflict with existing attributes. Unless this setting is set to False, an Exception will be raised. Please do not change the default, unless you are really sure what you are doing.
+* If this settings is enabled, each content type with an assigned permission, will get a generic check method. E.g. if the permission "edit" is assigned to the model Blog, the model class Blog will get the a method "has_permission", such that you check if a user has the permission "edit" for the blog "Python News": Blog.get(name="Python News").has_permission("edit",user)
+* This string is used the define the the method name of the object permission generic check function.