djangorestframework-role-filters
Advanced tools
.. image:: https://github.com/allisson/django-rest-framework-role-filters/workflows/tests/badge.svg :target: https://github.com/allisson/django-rest-framework-role-filters/actions
.. image:: https://img.shields.io/pypi/v/djangorestframework-role-filters.svg :target: https://pypi.python.org/pypi/djangorestframework-role-filters
.. image:: https://img.shields.io/github/license/allisson/django-rest-framework-role-filters.svg :target: https://pypi.python.org/pypi/djangorestframework-role-filters
.. image:: https://img.shields.io/pypi/pyversions/djangorestframework-role-filters.svg :target: https://pypi.python.org/pypi/djangorestframework-role-filters
.. code:: shell
pip install djangorestframework-role-filters
I want work easily with roles without multiple ifs in code
Create role_filters.py with your roles definitions
.. code:: python
from rest_framework_role_filters.role_filters import RoleFilter
from .serializers import PostSerializerForUser
class AdminRoleFilter(RoleFilter):
role_id = 'admin'
class UserRoleFilter(RoleFilter):
role_id = 'user'
def get_allowed_actions(self, request, view, obj=None):
# This example returns same list both for "global permissions" check,
# and for "object" permissions, but different list may be returned
# if `obj` argument is not None, and this list will be used to check
# if action is allowed during call to `ViewSet.check_object_permissions`
return ['create', 'list', 'retrieve', 'update', 'partial_update']
def get_queryset(self, request, view, queryset):
queryset = queryset.filter(user=request.user)
return queryset
def get_serializer_class(self, request, view):
return PostSerializerForUser
def get_serializer(self, request, view, serializer_class, *args, **kwargs):
fields = (
'body',
'created_at',
'id',
'serializer_name',
'title',
'updated_at',
'user',
)
return serializer_class(*args, fields=fields, **kwargs)
Create viewset and override get_role_id method
.. code:: python
from rest_framework_role_filters.viewsets import RoleFilterModelViewSet
from .models import Post
from .role_filters import AdminRoleFilter, UserRoleFilter
from .serializers import PostSerializer
class PostViewSet(RoleFilterModelViewSet):
queryset = Post.objects.all()
serializer_class = PostSerializer
role_filter_classes = [AdminRoleFilter, UserRoleFilter]
def get_role_id(self, request):
return request.user.role.role_id
def perform_create(self, serializer):
serializer.save(user=self.request.user)
If role_id is 'admin':
Post.objects.all()serializer_class is used - :code:PostSerializerget_serializer method is usedIf role_id is 'user':
serializer_class=PostSerializerForUser is usedfields kwargs (e.g. for modified serializer as described in
DRF: Dynamically modifying fields <https://www.django-rest-framework.org/api-guide/serializers/#dynamically-modifying-fields>_)Check testapp example <https://github.com/allisson/django-rest-framework-role-filters/tree/master/testproject/testapp>_ code implementation.
FAQs
django-rest-framework-role-filters
We found that djangorestframework-role-filters demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncovered malicious npm and PyPI packages that steal crypto wallet credentials using Google Analytics and Telegram for exfiltration.
Product
Socket now supports .NET, bringing supply chain security and SBOM accuracy to NuGet and MSBuild-powered C# projects.
Research
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.