How to handle per object permission in Django nowa

2020-05-19 04:27发布

问题:

I was about to use django-guardian until I came across the following in the official documentation:

https://docs.djangoproject.com/en/stable/topics/auth/customizing/#handling-authorization-in-custom-backends

Permissions can be set not only per type of object, but also per specific object instance. By using the has_add_permission(), has_change_permission() and has_delete_permission() methods provided by the ModelAdmin class, it is possible to customize permissions for different object instances of the same type.

Does that mean django-guardian is no longer needed with newer versions of Django?

Please clarify.

回答1:

Indeed, while reading the docs, I got excited that Django would cater for "per object permissions checking" out of the box, especially in the admin, and that it would be a matter of time to understand how I could activate it.

However, this does not seem to always be the case.

Django undoubtedly strives to provide the grounds (API) for such an implementation, but this implementation sometimes needs good coding skills and Django understanding.

It is the developer who will get these tools together by creating the app that suits its needs. This could be either easy or ... not so easy!

This contradicting information forms the base for my web crawling which focuses on finding a solution to the "per-object permissions" issue, somehow ... effectively for my project's needs or scale and of course my own coding skills and Django understanding up to now.

Django-guardian seems to be the most robust, full-fledged, full-blown application for this purpose.

There are also other more lightweight django applications that address specific needs which are production-stable, as well.

While trying to make ends meet in this somehow tricky quest, I am leaning towards using django-rules for its simple and focused on my needs functioning.