PermaGate is a Django permission system which offers hierarchical permissions that can be assigned to users and groups.
pip install django-permagateto install the package-
# Add it to the list of installed apps in Django's settings.py: INSTALLED_APPS = [ ..., "permagate", ]
python manage.py migrateto create the permission models- Set the
PERMAGATE_PERMISSIONSsettings variable to the module defining the root permission (see below)
The list of permissions that may be assigned to users and groups is defined using the
Permission class. A root permission object is used as the starting point of the permission
tree and is created by calling
Permission() with the default constructor parameters. Child permission nodes can be
added to the permission tree by calling the
register() function on a permission and passing the list of child permissions:
from permagate.permission import Permission
root = Permission().register([
Permission("test", "Optional Name", "Optional Description").register([
Permission("sub1").register([
Permission("sub-sub1")
]),
Permission("sub2"),
]),
Permission("test1"),
])
# In this case, root.permission_list will return:
# ['*',
# 'test',
# 'test>',
# 'test.sub1',
# 'test.sub1>',
# 'test.sub1.sub-sub1',
# 'test.sub2',
# 'test1']
#
# This is the list of permission strings that may be assigned to users and groups.The settings variable PERMAGATE_PERMISSIONS should be set to the path of the
module defining the root permission variable:
# Assuming there's a permissions.py file in mymodule containing a variable named 'root'
# that contains the root permission:
PERMAGATE_PERMISSIONS = "mymodule.permissions"It is possible to store the permission root in a variable named something other than
root by suffixing the path with :new_root_name:
PERMAGATE_PERMISSIONS = "mymodule.permissions:permission_root"Permissions in the user-defined hierarchy may be referenced using dot-separated strings, where each string segment is a permission key. The '*' and '>' are special characters where:
- '>' is referred to as the inclusive wildcard since it references the current permission and its children
- '*' references the root permission and is treated as its key
To assign user and group permissions and check user access:
from permagate.models import UserPermission, GroupPermission
from permagate.core import has_permission
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group
User = get_user_model()
# Assign a permission to a user
test_user = User.objects.create(username="test")
UserPermission.objects.create(user=test_user, permission="test>")
# Assign a permission to a group
test_group = Group.objects.create(group="test")
GroupPermission.objects.create(group=test_group, permission="test.sub1>")
test_user_two = User.objects.create(username="test2")
test_group.user_set.add(test_user_two)
if has_permission(test_user, "test.sub1"):
print(f"User {test_user.username} has permission test.sub1 due to direct assignment")
if has_permission(test_user_two, "test.sub1"):
print(f"User {test_user_two.username} inherits permission test.sub1 via group assignment")Note that the permission strings assigned to users may include the inclusive wildcard character while absolute permission paths must be used when verifying user permissions.