Quick Start

Compatibility note

This package in version 2.x is intended to work with Python 3.6+ and Django 1.11+.

1. Install django-permissionsx package:

pip install django-permissionsx

2. Don’t forget to add permissionsx to your INSTALLED_APPS:

INSTALLED_APPS = (
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.staticfiles',
    [...]
    'permissionsx',

3. Define permissions in a module of your choice:

def is_owner(context):
    return context('request.user') == context('view.get_object.user')

def is_staff(context):
    return context('request.user.is_staff')

def is_staff_or_owner(context):
    return is_owner(context) or is_staff(context)

4. Use permissions in your views, e.g.:

from permissionsx.contrib.django import views
from example.profiles.permissions import is_staff_or_owner

class ObjectDetailView(views.PermissionsDetailView):

    model = Item
    permissions = is_staff_or_owner

5. Apply permissions to your templates if you need:

{% load permissionsx_tags %}

{% permissions 'example.profiles.permissions.is_staff_or_owner' as is_staff_or_owner %}
<ul id="utility-navigation">
    {% if is_staff_or_owner %}
        <a href="#">Edit article</a>
    {% endif %}
</ul>

6. If you’d like to display a default message each time a user is denied access, simply:

from permissionsx.contrib.django import views

class ObjectDetailView(PermissionsDetailView):

    [...]
    permissions_response_class = views.AccessDeniedView

7. You’re done!

If a given object has a ForeignKey field named user that points to the user requesting the view (request.user), the permissions module will either let execute one of the HTTP methods or simply redirect to the login screen (or log the user out, depends on the configuration).

Browse through permissionsx.tests.permissions for more ideas on how to use this package or check out the example for a good starting point. Also, drop me a line if you have questions (or there is something I could improve on my side).