.. image:: https://github.com/renderbox/django-permafrost/workflows/Permafrost%20Develop/badge.svg
   :target: https://github.com/renderbox/django-permafrost/workflows/Permafrost%20Develop/badge.svg
   :alt: Permafrost Develop

.. image:: https://github.com/renderbox/django-permafrost/workflows/Permafrost%20CI/badge.svg
   :target: https://github.com/renderbox/django-permafrost/workflows/Permafrost%20CI/badge.svg
   :alt: Permafrost CI

.. image:: https://readthedocs.org/projects/django-permafrost/badge/?version=latest
   :target: https://django-permafrost.readthedocs.io/en/latest/?badge=latest
   :alt: Documentation Status
Django Permafrost is an extension to Django's Permissions framework. Its goal is to allow developers to expose a chosen subset of permissions to Client Users on the site so they can create and manage custom User Roles.

It adds:

- A View Mixin that supports user permissions based on different HTTP method types (GET, POST, PUT, etc.) for extra granular control.
- A View Mixin that captures any failed permission checks into Django's logging setup.
- An App that supports Client User definable roles and permissions. This uses the underlying Django Permission system and controls which permissions are exposed to the users.
For example, you have a SaaS platform with Administrator Clients. They manage the other users on their master account in the system (Employees, etc.) and want to be able to define different permissions for various users. They might have one Employee who should be able to manage email lists but not invite users, while both are considered to be in the staff category.
To install, just use pip:

.. code-block:: shell

   pip install django-permafrost
To add it to your project, add it to the list of installed apps in your ``settings.py`` ...

.. code-block:: python

   INSTALLED_APPS = [
       ...
       'permafrost',
       ...
   ]

... and migrate:

.. code-block:: shell

   ./manage.py migrate
The goal of Django Permafrost is to allow Clients to create their own Permafrost Roles, under developer-defined Categories with developer-defined required and optional permissions.

An example of a developer-defined category looks like this:

.. code-block:: python

   # Sample Category Permission Format.
   # Labels are wrapped in gettext_lazy so they can be localized.
   from django.utils.translation import gettext_lazy as _

   PERMAFROST_CATEGORIES = {
       'user': {
           'label': _("User"),
           'access_level': 1,
           'optional': [
               {'label': _('Can Add Users to Role'), 'permission': ('add_user_to_role', 'permafrost', 'permafrostrole')},
           ],
           'required': [
               {'label': _('Can add Role'), 'permission': ('add_permafrostrole', 'permafrost', 'permafrostrole')},
           ],
       },
   }
This would be added to your Django ``settings.py`` file (or, at least, imported into it).

In the above, we define the User category, give it the localizable label of "User", and provide two permissions in the "Natural Key" format of ``(codename, app_label, model)``, since primary keys can be unreliable for permissions; the first is optional and the second is required.

There is also an ``access_level`` setting to make sorting roles by access level easier.

It is recommended that you update your code to use PermafrostRole's built-in functions to add users and permissions. They add an extra level of checking to make sure the permissions passed in are allowed by the ``PERMAFROST_CATEGORIES`` configuration.
For example, permissions on a Group:

.. code-block:: python

   group.permissions.set([permission_list])
   group.permissions.add(permission, permission, ...)
   group.permissions.remove(permission, permission, ...)
   group.permissions.clear()

Can be replaced with:

.. code-block:: python

   PermafrostRole.permissions_set([permission_list])
   PermafrostRole.permissions_add(permission, permission, ...)
   PermafrostRole.permissions_remove(permission, permission, ...)
   PermafrostRole.permissions_clear()
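The extra level of checking described above, as an added stand-alone illustration that is not django-permafrost's own code: a client-supplied permission list is accepted only if every entry is exposed in ``PERMAFROST_CATEGORIES`` for the role's category, and the category's required permissions are always included. The functions ``required_permissions``, ``allowed_permissions`` and ``resolve_role_permissions`` and the ``_`` stand-in are hypothetical names chosen for this example.

```python
# Added illustration, not django-permafrost's code: a pure-Python check in the
# spirit of PermafrostRole.permissions_set(), gating client-chosen permissions
# against the developer's PERMAFROST_CATEGORIES.

def _(s):
    # Stand-in for django.utils.translation.gettext_lazy so this runs without Django.
    return s

PERMAFROST_CATEGORIES = {
    'user': {
        'label': _("User"),
        'access_level': 1,
        'optional': [
            {'label': _('Can Add Users to Role'),
             'permission': ('add_user_to_role', 'permafrost', 'permafrostrole')},
        ],
        'required': [
            {'label': _('Can add Role'),
             'permission': ('add_permafrostrole', 'permafrost', 'permafrostrole')},
        ],
    },
}


def required_permissions(category):
    """Natural keys (codename, app_label, model) every role in the category must carry."""
    return {p['permission'] for p in PERMAFROST_CATEGORIES[category]['required']}


def allowed_permissions(category):
    """Natural keys a client may put on a role in this category: required plus optional."""
    optional = {p['permission'] for p in PERMAFROST_CATEGORIES[category]['optional']}
    return required_permissions(category) | optional


def resolve_role_permissions(category, requested):
    """Return the effective permission set for a client-defined role.

    Anything outside the category's exposed permissions is rejected rather than
    silently dropped, so a client cannot grant a permission the developer never
    exposed; required permissions are always included.
    """
    requested = {tuple(p) for p in requested}
    rejected = sorted(requested - allowed_permissions(category))
    if rejected:
        raise ValueError(f"permissions not exposed for category {category!r}: {rejected}")
    return required_permissions(category) | requested
```

Rejecting instead of filtering matters for auditing: a request carrying an unexposed permission is logged as an error by the caller rather than quietly succeeding with fewer rights than asked.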
There is a tool to help the developer list out the available permissions in the format Permafrost expects:

.. code-block:: shell

   ./manage.py permlist

Running the command produces a list like this:

.. code-block:: shell

   ./manage.py permlist
   Permlist formatted for your PermafrostRoles configuration
   {'label':_('Can add email address'), 'permission': ('add_emailaddress', 'account', 'emailaddress')},
   {'label':_('Can change email address'), 'permission': ('change_emailaddress', 'account', 'emailaddress')},
   {'label':_('Can delete email address'), 'permission': ('delete_emailaddress', 'account', 'emailaddress')},
   ...

Each line can be copied into the ``PERMAFROST_CATEGORIES`` config in the correct format.