update: Rewrite permissions
@sylvain Done, here's how it works:
- On djangoldp Model.Meta.
-
permission_classesis not mandatory anymore if not provided it'll be LDPPermissions. - By default, no one have any right.
- Model.Meta now have
anonymous_perms,authenticated_perms,owner_perms -
anonymous_perms,authenticated_permsandowner_permscan haveview,add,change,control, ordelete - They can also have
inherit- that is activated by default. Owner inherit from Auth who inherit from Anons.
egs. :
class EveryoneCanRead(Model):
class Meta:
anonymous_perms = ['view']
# Because default owner & auth are inherit.class NoOneCanUseMe(Model):
class Meta:class AuthOnly(Model):
class Meta:
anonymous_perms = []
authenticated_perms = ['view', 'add']
owner_perms = ['inherit', 'change', 'control', 'delete']class Notifications(Model):
class Meta:
anonymous_perms = ['add']
authenticated_perms = []
owner_perms = ['view', 'change']class OhNoOwnerCantRead(Model):
class Meta:
anonymous_perms = ['view']
authenticated_perms = ['inherit', 'add']
owner_perms = ['change', 'control', 'delete']
# I supposed this is bad, but we don't want to always inherit permissions..?Also, you can still overload it if you need more precise permissions (Member of a project for example)
@bleme If you can take a look too.
Merge request reports
Merged by
(Mar 23, 2025 3:30am UTC)
Activity
added CheckValid Proposition labels
added 1 commit
- 329e2185 - update: Add tests & correct default permissions
So, I correct tests. But I'll need one of you @bleme or @sylvain for anonymous tests.
On tests files, it always return 201. But with curl, it works as intended.
>>> request = self.factory.post('/job-offers/', json.dumps(data), content_type='application/ld+json') >>> my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"]) >>> response = my_view(request, pk=1) >>> response <Response status_code=201, "text/html; charset=utf-8">Even if I use a
pkthat I'm sure that it's not on.>>> request = self.factory.post('/job-offers/', json.dumps(data), content_type='application/ld+json') >>> my_view = LDPViewSet.as_view({'post': 'create'}, model=JobOffer, nested_fields=["skills"]) >>> response = my_view(request, pk=999) >>> response <Response status_code=201, "text/html; charset=utf-8">If I ask him to render the response, it sounds like a nonsense:
>>> response.render() <Response status_code=201, "application/ld+json"> >>> response.content b'{"@id":"http://testserver/job-offers/None/","title":null,"skills":{"@id":"http://testserver/job-offers/None/skills/","@type":"ldp:Container","ldp:contains":[],"permissions":[{"mode":{"@type":"view"}}]},"recent_skills":{"@id":"http://happy-dev.fr/job-offers/None/recent_skills/","@type":"ldp:Container","ldp:contains":[],"permissions":[{"mode":{"@type":"view"}}]},"permissions":[{"mode":{"@type":"view"}}],"@context":{"@context":{"@vocab":"http://happy-dev.fr/owl/#","foaf":"http://xmlns.com/foaf/0.1/","doap":"http://usefulinc.com/ns/doap#","ldp":"http://www.w3.org/ns/ldp#","rdfs":"http://www.w3.org/2000/01/rdf-schema#","rdf":"http://www.w3.org/1999/02/22-rdf-syntax-ns#","xsd":"http://www.w3.org/2001/XMLSchema#","geo":"http://www.w3.org/2003/01/geo/wgs84_pos#","acl":"http://www.w3.org/ns/auth/acl#","name":"rdfs:label","website":"foaf:homepage","deadline":"xsd:dateTime","lat":"geo:lat","lng":"geo:long","jabberID":"foaf:jabberID","permissions":"acl:accessControl","mode":"acl:mode","view":"acl:Read","change":"acl:Write","add":"acl:Append","delete":"acl:Delete","control":"acl:Control"}}}'But, with curl.
$ curl -d '{"title": "new idea"}' -H "Content-Type: application/ld+json" http://127.0.0.1:8000/job-offers/ {"detail":"Authentication credentials were not provided.","@context":"https://cdn.happy-dev.fr/owl/hdcontext.jsonld"}%$ curl --request PATCH -H "Content-Type: application/ld+json" http://127.0.0.1:8000/job-offers/1/ {"detail":"Authentication credentials were not provided.","@context":"https://cdn.happy-dev.fr/owl/hdcontext.jsonld"}%Model is exactly the same & requests too.
class JobOffer(Model): title = models.CharField(max_length=255, blank=True, null=True) skills = models.ManyToManyField(Skill, blank=True) slug = models.SlugField(blank=True, null=True, unique=True) date = models.DateTimeField(auto_now_add=True, blank=True) def recent_skills(self): return self.skills.filter(date__gte=date.today()) class Meta: anonymous_perms = ['view'] authenticated_perms = ['inherit', 'add'] owner_perms = ['inherit', 'change', 'delete', 'control'] nested_fields = ["skills"] serializer_fields = ["@id", "title", "skills", "recent_skills"] container_path = "job-offers/" lookup_field = 'slug'Every other tests are fine.
Edited by Jean-Baptiste PasquierThe problem is that my_view.cls.permissions_classes doesn't contains
LDPPermissions. It containsAllowAnyI fixed it.
Another way to avoid this kind of errors is to user
self.client.[put|get|post]instead of building and calling the view manually. you have examples on other testsBy Jean-Baptiste on 2019-07-25T07:45:16 (imported from GitLab project)
added 1 commit
- e67821fe - update: fix test by setting LDPPermissions on views.permissions_classes
By Jean-Baptiste on 2019-07-25T07:42:44 (imported from GitLab project)
added 1 commit
- a5aed3d6 - update: fix test model & rewrite test_user_permissions
added 1 commit
- 5f588062 - update: Fix tests - remove guardian from them
-
Everything's fine now.
@sylvain waiting for your review. If everything is ok for you too, we may inform everyone to update packages & merge.
added 4 commits
-
5f588062...90655732 - 3 commits from branch
master - c1cc6a25 - Merge branch 'master' into 'jbpasquier/permissions'
-
5f588062...90655732 - 3 commits from branch
