implement django-guardian for DRF API responses #379
Assignees
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently,
django-guardianis implemented for the built-in Django admin. Since Roundware is project-based, we only have object-level permissions applied to theprojectmodel and those essentially pass through to all other models via theproject_idforeign key.This works nicely, but we now need Guardian's object-level permissions to apply to the API responses generated by Django REST Framework (DRF) (
api/2/) for a new admin system. We need to be able to assign object-level permissions to users on theprojectmodel and have those filter the returned results byproject.There is a Django app
django-rest-framework-guardianthat is supposed to extend Guardian functionality to DRF: https://github.com/rpkilby/django-rest-framework-guardianRoundware APIV2 docs: https://roundware.org/api/
roundware-adminis the new admin system we are developing (for reference to the use-case): https://github.com/roundware/roundware-admin/Other Useful Documentation
http://www.django-rest-framework.org/api-guide/permissions/#djangoobjectpermissions
http://www.django-rest-framework.org/api-guide/filtering/#filtering-against-the-current-user
http://www.django-rest-framework.org/api-guide/filtering/#djangoobjectpermissionsfilter
http://www.django-rest-framework.org/tutorial/4-authentication-and-permissions/#associating-snippets-with-users
The text was updated successfully, but these errors were encountered: