New permission system
In most cases, permissions that depend on roles should be based on groups.
Roles on an object should be passed through a ForeignKey to `django.contrib.auth.models.Group`.
Permissions can then be specified through the Meta attribute `roles`.
Only one permission class can now be defined on a model.
class Circle(Model):
    """Example model whose per-object roles are backed by auth groups.

    ``members`` and ``admins`` each reference a
    ``django.contrib.auth.models.Group``; ``Meta.roles`` maps those field
    names to the permissions listed for that role.
    """

    name = models.CharField(
        max_length=255,
        blank=True,
        null=True,
        default='',
    )

    # Field named by Meta.auto_author below. SET_NULL means the circle
    # survives deletion of the user and is left with no owner.
    owner = models.ForeignKey(
        settings.AUTH_USER_MODEL,
        related_name="owned_circles",
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
    )

    # Role groups. With SET_NULL, deleting a Group leaves the circle in
    # place with the corresponding role field empty.
    # NOTE(review): confirm how the permission classes treat a null role
    # group (it should grant nothing).
    members = models.ForeignKey(
        django.contrib.auth.models.Group,
        related_name="circles",
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
    )
    admins = models.ForeignKey(
        django.contrib.auth.models.Group,
        related_name="admin_circles",
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
    )

    class Meta(Model.Meta):
        # NOTE(review): the text accompanying this example says only one
        # permission class can be defined on a model, yet four are listed
        # here - confirm how they are combined. AnonymousReadOnly, judging
        # by its name, lets unauthenticated clients read; verify that is
        # intended for this model.
        permission_class = [
            AnonymousReadOnly,
            AuthenticatedCreate,
            ObjectPermissions,
            OwnerPermissions,
        ]
        auto_author = 'owner'
        # Keys are the names of the Group foreign keys declared above.
        # NOTE(review): 'control' presumably covers managing access to the
        # object itself - confirm before granting it to a role.
        roles = {
            'members': {
                'perms': ['view'],
                'add_author': True,
            },
            'admins': {
                'perms': ['view', 'change', 'control'],
                'add_author': True,
            },
        }
This automatically creates a group for each role and the ACL entries that group needs, and adds the author of the object to the group.