computer-lab / django-rest-framework-roles

Licence: BSD-2-Clause License
Parameterizes Django REST Framework methods over user-defined roles

django-rest-framework-roles

Simplifies Role Based Access Control in django-rest-framework.

Why would I use this?

You have more than one type of user in your data model and you have business logic that diverges depending on the type of user. You do not want to organize your API by role because that is not very RESTful. You do not want to manually type out a lot of conditional branching around user roles.

Modeling Requirements

  • You must have one Group for each role
  • A User cannot belong to more than one of the Groups corresponding to each role

Installation

$ pip install django-rest-framework-roles

Configuration

  • VIEWSET_METHOD_REGISTRY: A tuple of DRF methods to override. Defaults to:
(
    "get_queryset",
    "get_serializer_class",
    "perform_create",
    "perform_update",
    "perform_destroy",
)
  • ROLE_GROUPS: A tuple of Group names that correspond 1-to-1 with user roles. Defaults to:
[group.name.lower() for group in Group.objects.all()]

It's recommended to define ROLE_GROUPS in settings to avoid a database lookup on every request.

Usage

Add the mixin to any ViewSet:

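from rest_framework.viewsets import ModelViewSet

from drf_roles.mixins import RoleViewSetMixin

class MyViewSet(RoleViewSetMixin, ModelViewSet):
    # Default queryset / serializer_class and any role-scoped methods go here.
    ...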

For each of the methods specified in VIEWSET_METHOD_REGISTRY a role-scoped method will be generated on your ViewSet.

Parameterizing

For example, let’s say you have three groups named Takers, Leavers & Gods. Let’s also say you included "get_queryset" in the VIEWSET_METHOD_REGISTRY.

When a Taker user hits an endpoint on the ViewSet, the call to get_queryset will be rerouted to a call to get_queryset_for_takers.

When a Leaver user hits an endpoint on the ViewSet, the call to get_queryset will be rerouted to a call to get_queryset_for_leavers.

When a God user hits an endpoint on the ViewSet, the call to get_queryset will be rerouted to a call to get_queryset_for_gods.

You can implement each of these methods on your ViewSet to return a different queryset for each type of user.

Not Parameterizing

You can also not implement one or more of these methods, in which case the default call will be executed. For example, with our same set of groups and with "get_serializer_class" included in the role registry, let’s say you did not implement get_serializer_class_for_takers. When a Taker user hits an endpoint on the ViewSet, the default implementation of get_serializer_class will be executed and return serializer_class.

In this case, make sure you have a serializer_class defined on your ViewSet! Otherwise Django REST Framework will complain. It is a good idea to always define a default queryset and serializer_class with least privilege (e.g. Model.objects.none()), because any role without its own scoped method falls through to that default.
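
The rerouting and fallback rules from the two sections above, modelled in plain Python so they run without Django. This is an added example, not drf_roles' own code: RoleDispatchMixin, FakeUser, resolve_role, visible_ids and the sample records are hypothetical, and rejecting a user who holds two role groups is this sketch's choice, not documented library behaviour.

```python
# Plain-Python model of the dispatch rule; NOT drf_roles' source code.
# RoleDispatchMixin, FakeUser, resolve_role and RECORDS are hypothetical names.
ROLE_GROUPS = ("takers", "leavers", "gods")  # one Group per role
VIEWSET_METHOD_REGISTRY = ("get_queryset", "get_serializer_class")

class FakeUser:
    def __init__(self, *groups):
        self.groups = [g.lower() for g in groups]

def resolve_role(user):
    """Return the user's single role, or None if they hold no role group."""
    roles = [g for g in user.groups if g in ROLE_GROUPS]
    if len(roles) > 1:
        # Assumption of this sketch: reject users who break the one-role rule.
        raise ValueError(f"ambiguous roles: {roles}")
    return roles[0] if roles else None

class RoleDispatchMixin:
    """Reroute a registered method to <method>_for_<role> when it exists."""
    def call(self, user, method):
        if method not in VIEWSET_METHOD_REGISTRY:
            raise KeyError(method)
        role = resolve_role(user)
        scoped = getattr(self, f"{method}_for_{role}", None) if role else None
        return (scoped or getattr(self, method))()  # fall back to the default

RECORDS = [  # constructed sample data
    {"id": 1, "owner": "takers"},
    {"id": 2, "owner": "leavers"},
    {"id": 3, "owner": "gods"},
]

class RecordViewSet(RoleDispatchMixin):
    def get_queryset(self):  # least-privilege default, like Model.objects.none()
        return []

    def get_queryset_for_takers(self):
        return [r for r in RECORDS if r["owner"] == "takers"]

    def get_queryset_for_gods(self):
        return list(RECORDS)

def visible_ids(user):
    return [r["id"] for r in RecordViewSet().call(user, "get_queryset")]

if __name__ == "__main__":
    for label, user in [("taker", FakeUser("Takers")), ("leaver", FakeUser("Leavers")),
                        ("god", FakeUser("Gods")), ("no role", FakeUser("Staff"))]:
        print(label, visible_ids(user))
```

Leavers have no get_queryset_for_leavers here, so they and users outside every role group receive the empty default rather than another role's data.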

Roadmap

  • Some projects require even further parameterization. For example, you may need to use a different serializer_class depending on the user's role and the request method.
  • There may be a more pleasant way to express the parameterization in code. For example, it may be more pleasing to use nested classes instead of renaming the methods.
