django-rest-action-permissions 2.0.0

Installation

Install using pip:

$ pip install django-rest-action-permissions

Usage

This library lets you define permissions like so:

# permissions.py
from rest_framework.permissions import (
    AllowAny, BasePermission, IsAdminUser, IsAuthenticated
)
from rest_action_permissions.permissions import ActionPermission


class IsTweetOwner(BasePermission):

    def has_object_permission(self, request, view, obj):
        return obj.owner == request.user


class TweetPermission(ActionPermission):
    # The admin user has all permissions.
    enough_perms = IsAdminUser

    # Corresponding permissions for each action.
    create_perms = IsAuthenticated
    retrieve_perms = AllowAny
    list_perms = AllowAny
    update_perms = IsTweetOwner
    delete_perms = IsTweetOwner
    retweet_perms = IsAuthenticated
    undo_retweet_perms = IsAuthenticated

    # General read/write permissions.
    # Used if corresponding action permission hasn't been specified.
    read_perms = AllowAny
    write_perms = IsAuthenticated & IsTweetOwner

Corresponding ViewSet for the permissions defined above:

# views.py
from rest_framework import viewsets
from rest_framework.decorators import detail_route
from .models import Tweet
from .permissions import TweetPermission
from .serializers import TweetSerializer


class TweetViewSet(viewsets.ModelViewSet):
    queryset = Tweet.objects.all()
    serializer_class = TweetSerializer
    permission_classes = (TweetPermission, )

    def perform_create(self, serializer):
        serializer.save(owner=self.request.user)

    @detail_route(methods=['POST'])
    def retweet(self, request, *args, **kwargs):
        ...

    @detail_route(methods=['POST'])
    def undo_retweet(self, request, *args, **kwargs):
        ...

Credits

The interface of this library was inspired by taiga project.