Hiroki Kiyohara
Hiroki Kiyohara
My suggestion is to use DRF's DjangoObjectPermission class instead of django-rules' AutoPermissionViewSetMixin. DjangoRestFramework provides [DjangoObjectPermission](https://www.django-rest-framework.org/api-guide/permissions/#djangoobjectpermissions) to check permission for objects on ViewSets. Asis: ```python class ArticleViewSet(AutoPermissionViewSetMixin, ModelViewSet): ... ``` ToBe:...
Now keeper will cause error when we didn't specify global context.
Now keeper supports DRF as [KeeperDRFPermission](https://github.com/hirokiky/django-keeper/blob/master/keeper/views.py#L103). But it only for View classes, not ViewSets. I think we should provide Permission class like DRF's [DjangoObjectPermission](https://www.django-rest-framework.org/api-guide/permissions/#djangoobjectpermissions). New Permission class shouldn't be created.
Generally, while 1 request, per model instances, each returning values of __acl__ won't be change. If user attribute changed by some view or so, acl may return different values (even...
While testing, sometimes we want to avoid `@keeper` decorator of views. Like ``` self.client.force_login(user=user) self.client.force_permission('view', obj) ``` It can reduce preparation to pass keepers' checking. You can write tests for...
Now apply_reporter can't get reporter object. so on the test, it's not so easy to check the outputs, especially with console_committer. now I always use testfixtures, but it's better not...