Re: Advanced Permissions and States

Mon, 22 Dec 2008 05:29:13 -0800 

makka...@gmail.com wrote:
>> I'm working on a big project at my work myself.
>> We came to this problem last week (we did something to check it, but it
>> was unmanagable).
>> We wanted to move the check to the models. This is a little bit
>> difficult because you basicly doesn't have the user object at in the
>> __init__ function of your model. So I've written a small middleware
>> which makes the request model available and handles permission denied.
>> It rather simple at the moment. The __init__ function of our model calls
>> a function which knows where to get the user object, and raises a
>> permission denied exception when this function isn't returning True. 
>>     
> Can u explain that a little bit ? The __init__ trick ..
>
>   
The __init__ function of the model does something like this:
if not permission.hasPermission():
    raise permission.PermissionsError()

The hasPermission function can be any function which accepts any
arguments, just what you define ofcourse. The hasPermission function
gets the user object and does the check which is needed, returns False
when the user hasn't permission, return True when the user has permission.
When you store the request object in your middleware, please make it
thread-safe (look at transaction middleware and module of django for an
example).
>> The 
>> middleware picks up the exception and creates a permission denied page.
>>
>>     
> That one is a good idea
>
>   

Thanks, the middleware has the function process_exception which checks
for the PermissionsError Exception, and returns a HttpResponse with the
error page if it encounters that permission, otherwise it returns None.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to