flask-resty icon indicating copy to clipboard operation
flask-resty copied to clipboard
verified publisher icon 4Catalyzer

Allow boolean operations between authorization items

Open taion opened this issue 7 years ago • 2 comments

For combining authorization, in many cases it would be simpler to do something like:

class WidgetView(GenericModelView):
    authorization = WidgetAuthorization() | AdminAuthorization()

Instead of having to define a new authorization class that combines the two in a less declarative manner.

Inspired by the permission_classes functionality in DRF.

taion avatar Feb 18 '19 18:02 taion

I like the idea.

~~Out of the box, DRF just runs permission_classes serially~~, but there are 3rd-party packages that allow you to compose permissions, e.g. https://github.com/caxap/rest_condition .

EDIT: Ah, looks like DRF does support composable permissions in recent releases.

sloria avatar Feb 18 '19 23:02 sloria

Tangentially related: it might be nice have a way to combine other objects like Filtering. This could be useful for mixins and base classes.


class MyEntityMixin:
    filtering = Filtering(id=operator.eq, ..)

class WidgetView(MyEntityMixin, GenericModelView):
    filtering = MyEntityMixin.filtering | Filtering(factory_id=operator.eq)

sloria avatar Sep 06 '19 20:09 sloria