As of now generic-auth is missing part of the functionality that would make it truly useful. You can check permissions on a single object using the extensible has_permission function, but often times you need to get a list of objects for which a user has a specified permission. Getting all possible objects, looping thorough them, and calling has_permission on each object to filter the list is possible, but suboptimal at best. The fastest way to get a filtered list of object would be to utilize features of SQL, or even better, QuerySets.
Starting at line 146 [1] of the generic-auth tests, I've created an initial implementation of an extensible QuerySet filtering function. It is similar to has_permission, except it takes a user, permission, and QuerySet as arguments. Instead of returning True or False, it returns a new QuerySet that has the disallowed objects filtered out. Like with has_permission, you can register implementations of this function to deal with different types of users, permissions, and models. I'm not sure that this should be a function however. It may also make sense as a Manager and/or QuerySet method. Does anyone have ideas for what to name this function/method? I haven't been able to come up with anything I've been happy with. Also, comments on the api/implementation are welcome. The code found in [1] is more or less what would go into the actual django code base. Joseph [1] http://code.djangoproject.com/browser/django/branches/generic-auth/tests/regressiontests/generic_auth/tests.py#L146 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
