The purpose is to take access control to the Model layer, and out of the Controller (view) layer.
Here's how you use it (taken from the readme)
First, apply locks to some model methods:
class Example(models.Model, LockingMixin): class Meta: permissions = [ ('example_can_get_id', 'Can get ID') ] name = models.CharField(max_length=33) @locks.permission('app.example_can_get_id') def get_id(self): return self.idThen, instance it and use it. When you try to access a locked method, modelpermissions will throw an exception.
model = Example.objects.create(name='name') try: model.get_id() assert False #remove this except PermissionDenied: 'django.core.exceptions.PermissionDenied was thrown' But now let's unlock this model instance and try again model.unlock(user) model.get_id() 'no exception thrown'
Locks aren't limited to permission locks. You can use
@locks.conditional
and pass it a function that receives the model instance and do more flexible stuff with it.And the future looks nice, too. Instead of just raising
PermissionDenied
, I feel that this could make more interesting stuff, like use an alternate method, when the user doesn't have enough permissions (even return a different Proxy model from the lock()
method, which will start to return the model instance itself for chainability), and a different LockingMixin
to lock things only when you explicitly call lock()
on the Model.It's available on github. Try it out!