1. schacki
  2. django-permissions


django-permissions / docs / overview.rst


django-permissions is a generic framework for per-object permissions for Django based on roles. It follows the concepts as outlined in django.contrib.auth and implements its API to provide row-level permissions. By applying the provided custom authorization backend, you can easily check a user's permissions with user.has_perm, exactly as you would do it with the django.contrib.auth. Additionally, decorators and template tags are provided for convenience.

By default, django-permissions, is based on roles http://en.wikipedia.org/wiki/Role-based_access_control. But to cover various uses cases and reduce complexity where not required, it can easily be customized via settings such that it does not apply the roles concept, but works with the standard Django users and groups only.

There are various alternative tools and approaches. Django itself does provide authentication and permissions, but only by content type and not by object. But Django's approach enables customized authorization backeends http://docs.djangoproject.com/en/1.2/topics/auth/#handling-object-permissions, as they are used by django-permissions. Next to django-permissions, there are other apps that provide their own approach and custom backends like django-guardian, django-authority or django-rulez.