> a different security implementation.  The current system is based
> around a user.has_permission("permission name") function; I imagine
> you could modify that function to work differently.

I have a similar function in another project (not converted to Django
yet). I use an optional argument for this, something like:

def has_permission(self, permission_name, resource=None):
    # resource is a class instance of some model class. If resource is
    # passed, its property "author" is inspected, and in some cases some
    # extra business rules are checked.
    ...

In some places it's simple and works like RBAC:
if user.has_permission('send_mail'):
    # send mail :)
    # send mail...
In other places it works like RBAC + CBAC: ;-)

news_item = News.get(3)
if user.has_permission('publish_news', news_item):
    # publish this news item


-- 
Ksenia
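
The pattern described in the message above, as an added example that is not code from the original post or from Django: a role check that also inspects the resource's "author" when a resource is passed. The role table, the `publish_own_news` permission, the `OWNER_SCOPED` mapping and the `locked` rule are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed role table (RBAC part): role -> permission names.
ROLE_PERMISSIONS = {
    "editor": {"send_mail", "publish_news"},
    "reporter": {"send_mail", "publish_own_news"},
}
# Permissions with an owner-scoped variant, honoured only when a resource is passed.
OWNER_SCOPED = {"publish_news": "publish_own_news"}


@dataclass(eq=False)  # identity comparison, so "author is self" is unambiguous
class User:
    name: str
    roles: set = field(default_factory=set)

    def has_permission(self, permission_name, resource=None):
        granted = set()
        for role in self.roles:
            granted |= ROLE_PERMISSIONS.get(role, set())
        if resource is None:
            # Plain RBAC. An owner-scoped grant never matches here, so a
            # caller that forgets to pass the resource is denied, not allowed.
            return permission_name in granted
        # Hypothetical extra business rule: locked items are never actionable.
        if getattr(resource, "locked", False):
            return False
        if permission_name in granted:
            return True
        # Context check: fall back to the owner-scoped grant for the author only.
        own_variant = OWNER_SCOPED.get(permission_name)
        author = getattr(resource, "author", None)
        return own_variant in granted and author is self


@dataclass
class News:
    id: int
    author: User
    locked: bool = False
```

A role without any grant, an unknown permission name and a resource without an "author" attribute all end in a denial, so the check fails closed.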
