The purpose is to take access control to the Model layer, and out of the Controller (view) layer.
Here's how you use it (taken from the readme)
First, apply locks to some model methods:
class Example(models.Model, LockingMixin):
class Meta:
permissions = [
('example_can_get_id', 'Can get ID')
]
name = models.CharField(max_length=33)
@locks.permission('app.example_can_get_id')
def get_id(self):
return self.id
Then, instance it and use it. When you try to access a locked method, modelpermissions will throw an exception.
model = Example.objects.create(name='name')
try:
model.get_id()
assert False #remove this
except PermissionDenied:
'django.core.exceptions.PermissionDenied was thrown'
But now let's unlock this model instance and try again
model.unlock(user)
model.get_id()
'no exception thrown'
Locks aren't limited to permission locks. You can use
@locks.conditional and pass it a function that receives the model instance and do more flexible stuff with it.And the future looks nice, too. Instead of just raising
PermissionDenied, I feel that this could make more interesting stuff, like use an alternate method, when the user doesn't have enough permissions (even return a different Proxy model from the lock() method, which will start to return the model instance itself for chainability), and a different LockingMixin to lock things only when you explicitly call lock() on the Model.It's available on github. Try it out!
No comments:
Post a Comment