6 Django packages related to authorization infrastructure and permissions
- Mar 20, 2022
Usage
After installation and project hooks we can finally use object permissions with Django.
Lets start really quickly:
>>> from django.contrib.auth.models import User, Group
>>> jack = User.objects.create_user('jack', '[email protected]', 'topsecretagentjack')
>>> admins = Group.objects.create(name='admins')
>>> jack.has_perm('change_group', admins)
False
>>> from guardian.models import UserObjectPermission
>>> UserObjectPermission.objects.assign_perm('change_group', jack, obj=admins)
<UserObjectPermission: admins | jack | change_group>
>>> jack.has_perm('change_group', admins)
True
Django OAuth Toolkit can help you providing out of the box all the endpoints, data and logic needed to add OAuth2 capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent OAuthLib, so that everything is rfc-compliant.
If you need an OAuth2 provider you'll want to add the following to your urls.py. Notice that oauth2_provider namespace is mandatory.
urlpatterns = [ ... path('o/', include('oauth2_provider.urls', namespace='oauth2_provider')), ]django oauth2 python
Provide OAuth2 access to your app
Object Moderation Layer
OML_CONFIG = { # True if some groups wont be moderated 'OML_EXCLUDE_MODERATED': True/False, # List of groups id that will be omitted 'OML_EXCLUDED_GROUPS': [] }django django-admin django-models django-permissions permissions python
An enhanced permission system which support object permission in Django
Add our extra authorization/authentication backend
AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', # default 'permission.backends.PermissionBackend', )django framework permission python
Awesome Django authorization, without the database
Features
- Documented, tested, reliable and easy to use.
- Versatile. Decorate callables to build complex graphs of predicates. Predicates can be any type of callable -- simple functions, lambdas, methods, callable class objects, partial functions, decorated functions, anything really.
- A good Django citizen. Seamless integration with Django views, templates and the Admin for testing for object-level permissions.
- Efficient and smart. No need to mess around with a database to figure out whether John really wrote that book.
- Simple. Dive in the code. You'll need 10 minutes to figure out how it works.
- Powerful.
rules
comes complete with advanced features, such as invocation context and storage for arbitrary data, skipping evaluation of predicates under specific conditions, logging of evaluated predicates and more!