Permissions
Overview
The content_settings.permissions
(source) module in Django provides functions that can be used as arguments for the permission attributes of your types. Such as:
fetch_permission
- permission for API access to the variables through the URLS/content-settings/fetch/*/
andviews.FetchSettingsView
update_permission
- permission to change the variable in the admin panelview_permission
- permission to see the variable in the admin panel (it woudn't be listed for those who are not allowed)view_history_permission
- permission to see the history of changes for the variable. It is the only permission where None is allowed, in that case the permission will be taken fromview_permission
Functions in the Module
any
Allows access to every user.
none
Denies access to all users.
authenticated
Allows access only to authenticated users.
staff
Restricts access to staff users.
superuser
Restricts access to staff users.
has_perm(perm)
Allows access to users with a specific permission.
Example:
has_perm('app_label.permission_codename')
and_(*funcs)
Combines multiple permission functions using a logical AND.
Example:
and_(authenticated, has_perm('app_label.permission_codename'))
or_(*funcs)
Combines multiple permission functions using a logical OR.
Example:
or_(staff, has_perm('app_label.permission_codename'))
not_(*funcs)
Logical NOT.
Usage examples
To set a permission where only staff members or users with a specific permission can update a variable:
from content_settings.types.basic import SimpleString, SimpleDecimal
from content_settings.permissions import or_, staff, has_perm
TITLE = SimpleString(
"default value",
update_permission=or_(staff, has_perm('app_label.permission_codename'))
)
MAX_PRICE = SimpleDecimal(
"9.99",
fetch_permission=staff,
)
In this example, SOME_VARIABLE
can be updated either by staff members or by users who have the specified permission and MAX_PRICE
can be fetched by only staff
This documentation provides an overview of the content_settings.permissions
module, offering versatile and straightforward functions to manage permissions in Django applications effectively.