Skip to content

update: Rewrite permissions

Jean-Baptiste Pasquier requested to merge jbpasquier/permissions into master

@sylvain Done, here's how it works:

  • On djangoldp Model.Meta.
  • permission_classes is not mandatory anymore if not provided it'll be LDPPermissions.
  • By default, no one have any right.
  • Model.Meta now have anonymous_perms, authenticated_perms, owner_perms
  • anonymous_perms, authenticated_perms and owner_perms can have view, add, change, control, or delete
  • They can also have inherit - that is activated by default. Owner inherit from Auth who inherit from Anons.

egs. :

class EveryoneCanRead(Model):
    class Meta:
        anonymous_perms = ['view']
# Because default owner & auth are inherit.
class NoOneCanUseMe(Model):
    class Meta:
class AuthOnly(Model):
    class Meta:
        anonymous_perms = []
        authenticated_perms = ['view', 'add']
        owner_perms = ['inherit', 'change', 'control', 'delete']
class Notifications(Model):
    class Meta:
        anonymous_perms = ['add']
        authenticated_perms = []
        owner_perms = ['view', 'change']
class OhNoOwnerCantRead(Model):
    class Meta:
        anonymous_perms = ['view']
        authenticated_perms = ['inherit', 'add']
        owner_perms = ['change', 'control', 'delete']
# I supposed this is bad, but we don't want to always inherit permissions..?

Also, you can still overload it if you need more precise permissions (Member of a project for example)

@bleme If you can take a look too.

Edited by Jean-Baptiste Pasquier

Merge request reports