Permissions

CanAccessFeature

Rest framework permission class for handling authorization based on view feature groups.

CanAccessFeature(IsAuthenticated):

Example usage:

from rest_framework import generics
from rest_framework_features import schema, permissions

@schema.view('test', get='getTest')
class TestRetrieveView(generics.RetrieveAPIView):
    permission_classes = (permissions.CanAccessFeature,)

or configure with rest framework settings.py:

REST_FRAMEWORK = {
    'DEFAULT_PERMISSION_CLASSES': (
        'rest_framework_features.permissions.CanAccessFeature',
    ),
}

This class will check the user's permissions, looking the relevant feature tree. Users with is_superuser=True are permitted regardless of their feature permissions. In the above example, the has_permission method will check if the user has one of the permissions:

  • 'rest_framework_features.test'
  • 'rest_framework_features.test_getTest'

To see a more complex example:

from rest_framework import generics
from rest_framework_features import schema, permissions

@schema.view('warehouse', 'stock', get=('read', 'getStock'), put=('write', 'updateStock'), delete=('write', 'deleteStock'))
class WarehouseStockInstanceView(generics.RetrieveUpdateDestroyAPIView):
    permission_classes = (permissions.CanAccessFeature,)


@schema.view('warehouse', 'location', get=('read', 'listLocations'))
class WarehouseLocationInstanceView(generics.ListAPIView):
    permission_classes = (permissions.CanAccessFeature,)

# admin can access (getStock, updateStock, deleteStock, listLocations)
admin = User.objects.create(is_superuser=True)

# manager can access (getStock, updateStock, deleteStock, listLocations)
warehouse_manager = User.objects.create()
warehouse_manager.permissions.add('rest_framework_features.warehouse')

# worker can access (getStock, updateStock, deleteStock)
warehouse_worker = User.objects.create()
warehouse_worker.permissions.add('rest_framework_features.warehouse_stock')

# supervisor can access (getStock, updateStock, listLocations)
warehouse_supervisor = User.objects.create()
warehouse_supervisor.permissions.add('rest_framework_features.warehouse_stock_read')
warehouse_supervisor.permissions.add('rest_framework_features.warehouse_stock_write_updateStock')
warehouse_supervisor.permissions.add('rest_framework_features.warehouse_location_read')

Lucky for your these permissions can be generated using the ENABLE_PERMISSIONS setting. To read more about settings click here.