djangorestframework-role-filters
Advanced tools
.. image:: https://github.com/allisson/django-rest-framework-role-filters/workflows/tests/badge.svg :target: https://github.com/allisson/django-rest-framework-role-filters/actions
.. image:: https://img.shields.io/pypi/v/djangorestframework-role-filters.svg :target: https://pypi.python.org/pypi/djangorestframework-role-filters
.. image:: https://img.shields.io/github/license/allisson/django-rest-framework-role-filters.svg :target: https://pypi.python.org/pypi/djangorestframework-role-filters
.. image:: https://img.shields.io/pypi/pyversions/djangorestframework-role-filters.svg :target: https://pypi.python.org/pypi/djangorestframework-role-filters
.. code:: shell
pip install djangorestframework-role-filters
I want work easily with roles without multiple ifs in code
Create role_filters.py with your roles definitions
.. code:: python
from rest_framework_role_filters.role_filters import RoleFilter
from .serializers import PostSerializerForUser
class AdminRoleFilter(RoleFilter):
role_id = 'admin'
class UserRoleFilter(RoleFilter):
role_id = 'user'
def get_allowed_actions(self, request, view, obj=None):
# This example returns same list both for "global permissions" check,
# and for "object" permissions, but different list may be returned
# if `obj` argument is not None, and this list will be used to check
# if action is allowed during call to `ViewSet.check_object_permissions`
return ['create', 'list', 'retrieve', 'update', 'partial_update']
def get_queryset(self, request, view, queryset):
queryset = queryset.filter(user=request.user)
return queryset
def get_serializer_class(self, request, view):
return PostSerializerForUser
def get_serializer(self, request, view, serializer_class, *args, **kwargs):
fields = (
'body',
'created_at',
'id',
'serializer_name',
'title',
'updated_at',
'user',
)
return serializer_class(*args, fields=fields, **kwargs)
Create viewset and override get_role_id method
.. code:: python
from rest_framework_role_filters.viewsets import RoleFilterModelViewSet
from .models import Post
from .role_filters import AdminRoleFilter, UserRoleFilter
from .serializers import PostSerializer
class PostViewSet(RoleFilterModelViewSet):
queryset = Post.objects.all()
serializer_class = PostSerializer
role_filter_classes = [AdminRoleFilter, UserRoleFilter]
def get_role_id(self, request):
return request.user.role.role_id
def perform_create(self, serializer):
serializer.save(user=self.request.user)
If role_id is 'admin':
Post.objects.all()serializer_class is used - :code:PostSerializerget_serializer method is usedIf role_id is 'user':
serializer_class=PostSerializerForUser is usedfields kwargs (e.g. for modified serializer as described in
DRF: Dynamically modifying fields <https://www.django-rest-framework.org/api-guide/serializers/#dynamically-modifying-fields>_)Check testapp example <https://github.com/allisson/django-rest-framework-role-filters/tree/master/testproject/testapp>_ code implementation.
FAQs
django-rest-framework-role-filters
We found that djangorestframework-role-filters demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.