django-keeper
django-keeper copied to clipboard
hirokiky
Authorization library for Django, with ACL, not depends on models.
1. `obj` in auth backend's `has_perm` function [is optional](https://github.com/django/django/blob/main/django/contrib/auth/models.py#L302). 2. User's `has_perm` function [passes a user object](https://github.com/django/django/blob/main/django/contrib/auth/models.py#L210) to auth backend's `has_perm` function, so [keeper's operator](https://github.com/hirokiky/django-keeper/blob/master/keeper/operators.py) always returns False. The first...
Now keeper supports DRF as [KeeperDRFPermission](https://github.com/hirokiky/django-keeper/blob/master/keeper/views.py#L103). But it only for View classes, not ViewSets. I think we should provide Permission class like DRF's [DjangoObjectPermission](https://www.django-rest-framework.org/api-guide/permissions/#djangoobjectpermissions). New Permission class shouldn't be created.
Generally, while 1 request, per model instances, each returning values of __acl__ won't be change. If user attribute changed by some view or so, acl may return different values (even...
While testing, sometimes we want to avoid `@keeper` decorator of views. Like ``` self.client.force_login(user=user) self.client.force_permission('view', obj) ``` It can reduce preparation to pass keepers' checking. You can write tests for...