.. image:: https://github.com/django-guardian/django-guardian/workflows/Tests/badge.svg?branch=devel :target: https://github.com/django-guardian/django-guardian/actions/workflows/tests.yml
.. image:: https://img.shields.io/pypi/v/django-guardian.svg :target: https://pypi.python.org/pypi/django-guardian
.. image:: https://img.shields.io/pypi/pyversions/django-guardian.svg :target: https://pypi.python.org/pypi/django-guardian
django-guardian is an implementation of per object permissions [1]_ on top
of Django's authorization backend
Online documentation is available at https://django-guardian.readthedocs.io/.
GitHub Actions run tests against Django versions 2.2, 3.0, 3.1, 3.2, and main.
To install django-guardian simply run::
pip install django-guardian
We need to hook django-guardian into our project.
guardian into your INSTALLED_APPS at settings module:.. code:: python
INSTALLED_APPS = (
...
'guardian',
)
2. Add extra authorization backend to your settings.py:
.. code:: python
AUTHENTICATION_BACKENDS = (
'django.contrib.auth.backends.ModelBackend', # default
'guardian.backends.ObjectPermissionBackend',
)
3. Create guardian database tables by running::
python manage.py migrate
After installation and project hooks we can finally use object permissions with Django_.
Lets start really quickly:
.. code:: python
>>> from django.contrib.auth.models import User, Group
>>> jack = User.objects.create_user('jack', 'jack@example.com', 'topsecretagentjack')
>>> admins = Group.objects.create(name='admins')
>>> jack.has_perm('change_group', admins)
False
>>> from guardian.models import UserObjectPermission
>>> UserObjectPermission.objects.assign_perm('change_group', jack, obj=admins)
<UserObjectPermission: admins | jack | change_group>
>>> jack.has_perm('change_group', admins)
True
Of course our agent jack here would not be able to change_group globally:
.. code:: python
>>> jack.has_perm('change_group')
False
Replace admin.ModelAdmin with GuardedModelAdmin for those models
which should have object permissions support within admin panel.
For example:
.. code:: python
from django.contrib import admin
from myapp.models import Author
from guardian.admin import GuardedModelAdmin
# Old way:
#class AuthorAdmin(admin.ModelAdmin):
# pass
# With object permissions support
class AuthorAdmin(GuardedModelAdmin):
pass
admin.site.register(Author, AuthorAdmin)
.. [1] Great paper about this feature is available at djangoadvent articles <https://github.com/djangoadvent/djangoadvent-articles/blob/master/1.2/06_object-permissions.rst>_.
.. _Django: http://www.djangoproject.com/
FAQs
Implementation of per object permissions for Django.
We found that django-guardian demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.