Re: Testing Permissions in URL Includes

2013-09-13 Thread Lee Hinde 

On Sep 13, 2013, at 12:47 PM, Arnold Krille  wrote:

> On Fri, 13 Sep 2013 11:30:44 -0700 Lee Hinde  wrote:
>> So, the question, is there a way to wrap url include calls in a
>> permission check?
> 
> Wrapping a whole url-include would only work when the url-tree is
> rebuild for each request taking into account the requesting user.
> Todays technologies don't do that anymore.
> 

That helps to understand why it works the way it does. Thanks.

> I would encourage you to look at django-braces and just use the
> PermissionRequiredMixin with your class-based-views.
> 

Doing that now.



> Have fun,
> 

Almost always.

> Arnold

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.

Re: Testing Permissions in URL Includes

2013-09-13 Thread Arnold Krille 
On Fri, 13 Sep 2013 11:30:44 -0700 Lee Hinde  wrote:
> So, the question, is there a way to wrap url include calls in a
> permission check?

Wrapping a whole url-include would only work when the url-tree is
rebuild for each request taking into account the requesting user.
Todays technologies don't do that anymore.

I would encourage you to look at django-braces and just use the
PermissionRequiredMixin with your class-based-views.

Have fun,

Arnold


signature.asc
Description: PGP signature

Testing Permissions in URL Includes

2013-09-13 Thread Lee Hinde 
Using Django 1.5.x

I have in my project urls.py entries like this:

   url(r'^staff/people/', include('people.urls')),
   url(r'^staff/admin/facility', include('facility.urls')),
   url(r'^staff/admin', include('district.urls')),
   url(r'^staff/section', include('classes.urls')),
   url(r'^staff/product', include('product.urls')),

With class based views, it's
documented
that
you can wrap CBV calls so that once inside, say, 'people.urls' I could do
something like:

(r'^vote/', permission_required('polls.can_vote')(VoteView*.*
as_view())),

I haven't found it in the docs yet, but it looks like I can do similar
things with function views:

url(r'^edit/(?P\d+)', login_required(people_detail)),

The thing is, there are crap-ton of those calls and it'd be nice to check
things higher up in the call chain. Specifically, I'd like to wrap all the
url includes above like:

  url(r'^staff/people/',
permission_required('some_permission_that_youre_staff')
 include('people.urls')),

I.e., check access based on the url path.

But, I've tried that and I get  errors.

I found this:http://djangosnippets.org/snippets/1219/ which does what I
want, but I'm a little nervous about using something written 5 years ago
with django 1.5. Even assuming it works for me, I'm nervous about getting
too far off the built-in tools with authentication and permissions stuff.
it's documented that the core team is smarter than I am.

So, the question, is there a way to wrap url include calls in a permission
check?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
For more options, visit https://groups.google.com/groups/opt_out.