Skip to content

Django REST Framework permissions backend based on the django-access package

License

Notifications You must be signed in to change notification settings

nnseva/django-rest-access

Repository files navigation

Build Status

Django-REST-Access

The Django-REST-Access package provides a permissions backend for the Django REST Framework using access rules defined by the Django-Access package.

Installation

Stable version from the PyPi package repository

pip install django-rest-access

Last development version from the GitHub source version control system

pip install git+git://github.com/nnseva/django-rest-access.git

Configuration

Include the rest_framework, access, and rest_access applications into the INSTALLED_APPS list, like:

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    ...
    'rest_framework',
    'access',
    'rest_access',
    ...
]

Using

Define access rules

Define access rules as it is described in the Django-Access package documentation.

Serializer Mixin

Use rest_access.access.AccessSerializerMixin as a first of base classes for every Serializer in your API description which should be controlled by access rules defined using Django-Access package, like:

from rest_framework import serializers, viewsets
from rest_access.access import AccessSerializerMixin
from django.contrib.auth.models import User, Group

...

class GroupSerializer(AccessSerializerMixin, serializers.HyperlinkedModelSerializer):
    class Meta:
        model = Group
        fields = ('url', 'id', 'name')

Authorization backend to use

The authorization backend rest_access.access.AccessPermission should be used as the both, permission control backend and filtering class.

The rest_access.access.AccessPermission can be used together with other permission control backends and filtering classes without restrictions.

Using authorization backend individually for selected model views

You can assign a permissions control backend and filtering class for the sole, or some subset of model views or viewsets like it is described in the Django REST Framework permission documentation and Django REST Framework filtering documentation correspondingly:

from rest_framework import serializers, viewsets
...

class SomeModelViewSet(viewsets.ModelViewSet):
    ...
    permission_classes = ['rest_access.access.AccessPermission']
    filter_backends = ['rest_access.access.AccessPermission']

Using authorization backend as a default one

You can assign a permission control backend and filtering class as default ones for all views in the project using settings module as it is described in the Django REST Framework settings documentation:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_access.access.AccessPermission'
    ],
    'DEFAULT_FILTER_BACKENDS': [
        'rest_access.access.AccessPermission'
    ],
}