django-permissions / docs / overview.rst

Overview

django-permissions is a generic framework for per-object permissions for Django based on roles. It follows the concepts as outlined in django.contrib.auth and implements its API to provide row-level permissions. By applying the provided custom authorization backend, you can easily check a user's permissions with user.has_perm, exactly as you would do it with the django.contrib.auth. Additionally, decorators and template tags are provided for convenience.

By default, django-permissions, is based on roles http://en.wikipedia.org/wiki/Role-based_access_control. But to cover various uses cases and reduce complexity where not required, it can easily be customized via settings such that it does not apply the roles concept, but works with the standard Django users and groups only.

There are various alternative tools and approaches. Django itself does provide authentication and permissions, but only by content type and not by object. But Django's approach enables customized authorization backeends http://docs.djangoproject.com/en/1.2/topics/auth/#handling-object-permissions, as they are used by django-permissions. Next to django-permissions, there are other apps that provide their own approach and custom backends like django-guardian, django-authority or django-rulez.

Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.