django-rulez is a lean, fast and complete rules-based permissions system for the django framework.
Most other authentication frameworks focus on using database joins, which gets pretty slow after a while (since mostly every query generates a lot of joins). Django-rulez uses a memory-based hashmap instead.
Django-rulez also implements a role concept, allowing for very readable and maintainable code.
django-rulez was forked from django-rules, since some of the goals django-rules set themselves didn't match our current project goals.You can refer to their github project page for more information about this other cool project: https://github.com/maraujop/django-rules Kudos for the good work guys!
Generally, it is also an instance-level authorization backend, that stores the rules themselves as methods on models.
To install django-rulez from source:
git clone https://github.com/chrisglass/django-rulez/ django-rulez
cd django-rulez
python setup.py install
Simply install django-rulez like you would install any other pypi package:
pip install django-rulez
- Add rulez to the list of INSTALLED_APPS in your settings.py
Add the django-rulez authorization backend to the list of AUTHENTICATION_BACKENDS in `settings.py`:
AUTHENTICATION_BACKENDS = [ 'django.contrib.auth.backends.ModelBackend', # Django's default auth backend 'rulez.backends.ObjectPermissionBackend', ]
The following example should get you started:
# models.py
from rulez import registry
class myModel(models.Model):
def can_edit(self, user_obj):
'''
Not a very useful rule, but it's an example
'''
if user_obj.username == 'chris':
return True
return False
registry.register('can_edit', myModel)
Django-rulez requires to declare the rule as a method in the same model. This is very simple in case the rule applies to a model in our own application, but in some cases, we might need to set object permisions to models from 3rd-party applications (e.g. to the User model). Let's see an example for this case:
# models.py
from django.contrib.auth.models import User
from rulez import registry
def user_can_edit(self, user_obj):
'''
This function will be hooked up to the User model as a method.
The rule says that a user can only be modified by the same user
'''
if self == user_obj:
return True
return False
# 'add_to_class' is a standard Django method
User.add_to_class('can_edit', user_can_edit)
registry.register('can_edit', User)
A little more code is needed to use roles, but it's still pretty concise:
# models.py
from rulez.rolez.base import AbstractRole
from rulez import registry
class Editor(AbstractRole):
""" That's a role"""
@classmethod
def is_member(cls, user, obj):
"""Remember, class methods take the class instead of self"""
if user.username == 'chris':
return True
return False
class myModel(models.Model, ModelRoleMixin): # Don't forget the mixin!
def can_edit(self, user_obj):
'''
Not a very useful either but it's an example
'''
return self.has_role(user_obj, Editor):
registry.register('can_edit', myModel)