真正简单的django权限后端

基于类，无数据库，对象级

灵感来自 django-permission

在Django 3.2到5.0 - python 3.8到3.12上进行了测试。对于较旧的Django版本，请使用 django-simple_perms 0.2.8

简介

该应用会自动在项目的app中查找perms.py模块。

该模块应注册基于PermissionLogic的类。

在调用django的has_perm方法时，它将在您的PermissionLogic类中运行相应的命名方法。

以下为综合示例的使用部分。

使用方法

从pypi

pip install django-simple_perms

或

poetry add django-simple_perms

settings.py

INSTALLED_APPS = (
  # ...
  'simple_perms',  # Add simple_perms app to your INSTALLED_APPS
  # ...
)

AUTHENTICATION_BACKENDS = (
    'simple_perms.PermissionBackend',  # Add permission backend before django's one
    'django.contrib.auth.backends.ModelBackend',
)

project_app/perms.py

from simple_perms import register, PermissionLogic


class ProjectLogic(PermissionLogic):

    def add_project(self, user, project, perm):
        return True

    def change_project(self, user, project, perm):
        return user.is_admin() or project.owner == user

    delete_project = change_project

    def default_permission(self, user, project, perm):
      # Optional, default to global default permission, which default to False
      return user.is_admin()


register('project_app', ProjectLogic)

user1.has_perm('project_app.add_project')  # True
user1.has_perm('project_app.change_project', user1_project)  # True
user1.has_perm('project_app.delete_project', user1_project)  # True
user2.has_perm('project_app.change_project', user1_project)  # False
admin.has_perm('project_app.change_project', user1_project)  # True

默认权限

如果已检查的权限不存在于已注册的PermissionLogic基于类中，后端将运行此类中的default_permission方法。如果没有定义default_permission，则默认为全局默认权限，默认为False。

更改全局默认权限

settings.py

SIMPLE_PERMS_GLOBAL_DEFAULT_PERMISSION = 'path.to.custom_global_default_permission'

path/to.py

def custom_global_default_permission(user, obj, perm):
    return user.is_admin()

global_default_permission和default_permission与其他权限具有相同的参数：(user, obj, perm)

更改自动发现模块名称

simple_perms在Django的每个应用中自动发现perms.py模块。您可以使用SIMPLE_PERMS_MODULE_NAME设置更改自动发现模块名称。

SIMPLE_PERMS_MODULE_NAME = 'permission'

运行测试

python runtests.py

测试辅助工具

from django.test import TestCase
from simple_perms.helpers import AssertPermissions


class TestContractPermission(AssertPermissions, TestCase):
    def setUp(self):
        self.admin = UserFactory(role="admin")
        self.contract = ContractFactory()

    def test_permissions_for_admin(self):
        permissions = [
            { 'usr': 'admin', 'perm': 'contracts.add',    'args': (None,),           'result': True, },
            { 'usr': 'admin', 'perm': 'contracts.view',   'args': (self.contract, ), 'result': True, },
            { 'usr': 'admin', 'perm': 'contracts.change', 'args': (self.contract, ), 'result': True, },
        ]
        self.assertPerms(permissions)

哪些失败

======================================================================
FAIL: test_permissions_for_admin (contracts.tests.perms.TestContractPermission)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/app/django/contracts/tests/perms.py", line 48, in test_permissions_of_admin
    self.assertPerms(permissions)
  File "/app/django/django-simple_perms/simple_perms/helpers.py", line 37, in assertPerms
    raise e
  File "/app/django/django-simple_perms/simple_perms/helpers.py", line 66, in _test_permission_
    getattr(self, permission['usr']).has_perm(permission['perm'], *permission['args'])
AssertionError: ('PERM ERROR admin contracts.add:  False is not true', 'PERM ERROR admin contracts.view:  False is not true', 'PERM ERROR admin contracts.change:  False is not true')

----------------------------------------------------------------------

设置开发环境

# install dev dependencies
poetry install --no-root
# install git pre-commit
pre-commit install

构建包并在PyPI上发布

在pyproject.toml中更改版本号

poetry build
poetry publish