æšæºã®user.has_perm("perm")
ã¡ãœããã䜿çšãããšããŠãŒã¶ãŒãã°ããŒãã«æš©é"perm"
ãæã£ãŠããå Žåã«ã®ã¿ã True
ãè¿ãããŸãã
ãŸãã user.has_perm("perm", obj)
ã䜿çšãããŠããå ŽåããŠãŒã¶ãŒããã®ç¹å®ã®ãªããžã§ã¯ãã«ã¢ã¯ã»ã¹ããæš©éãæã£ãŠããã°ã True
ã«ãªããŸãã
ãã ãããŠãŒã¶ãŒãã°ããŒãã«æš©é"perm"
ãæã£ãŠããå Žåã§ãã False
ãè¿ãããŸããããã¯ãã°ããŒãã«æš©éããããšãŠãŒã¶ãŒããã¹ãŠã®ãªããžã§ã¯ãã«ã¢ã¯ã»ã¹ã§ããããã«ãªããšæ³å®ããŠãããããç§ã«ãšã£ãŠã¯ãŸã£ããäºæ³å€ã®ããšã§ãã ç§ã¯æ£ããã§ããïŒ
ããå°ãæãäžããŠã¿ããšãåããŒããã·ã§ã³ããã¯ãšã³ãã¯ç¬ç«ããŠæ©èœããã¯ããªã®ã§ãäžèšã®ãããªç¶æ³ã¯ãªãã¯ãã§ãã ããããäœããã®çç±ã§ãªããžã§ã¯ãã€ã³ã¹ã¿ã³ã¹ãæäŸããuser.has_perm
ãåŒã³åºããšããªããžã§ã¯ãã¬ãã«ã®ã¢ã¯ã»ã¹èš±å¯ã®ã¿ããã§ãã¯ãããã°ããŒãã«ã¢ã¯ã»ã¹èš±å¯ã®ãã§ãã¯ãã¹ããããããŸãã ãã®æ¯ãèãã®çç±ã¯äœãªã®ããç§ã«ã¯ããããŸããã ç§ã¯Django1.2.5ã䜿çšããŠããŸãã
ããã_AUTHENTICATION_BACKENDS_èšå®ã貌ãä»ããããšãã§ããŸããïŒ
Djangoã®ããã¥ã¡ã³ãããã§ã«èªãã§ããã®ã§ãæå®ãããããã¯ãšã³ãã®é åºãéèŠã§ããããšããåç¥ã§ãããã
ã¢ããªã±ãŒã·ã§ã³ã«æ¬¡ã®ãããªãã®ããããšæããŸãã
AUTHENTICATION_BACKENDS = (
'guardian.backends.ObjectPermissionBackend',
'django.contrib.auth.backends.ModelBackend',
)
ãŸãã¯ããïŒ
from django.conf import global_settings
AUTHENTICATION_BACKENDS = (
'guardian.backends.ObjectPermissionBackend',
) + global_settings.AUTHENTICATION_BACKENDS
ããã©ã«ãã®ããã¯ãšã³ããæåã«æå®ãããŠããããšã確èªããŠãã ããã
ãããåé¡ã§ããããšã確èªã§ããŸããïŒ ããã§ãªãå Žåã¯ãããã«æ å ±ãè¿œå ããŠãã ããïŒãããããä»ã®ããã¯ãšã³ãã䜿çšãããã_User.has_perm_ã¡ãœããã䜿çšããä»ã®ã¢ããªã¢ã³ããŒãããã䜿çšããŸããïŒïŒã
ããããŸãããç§ã¯ããŸãã«ãç²ããŠããããã§ãã é åºã¯_has_perm_ã®çµæã«åœ±é¿ãäžããªãããã«ããå¿ èŠããããŸãã ãããã£ãŠã䜿çšããŠããã¢ããªã±ãŒã·ã§ã³èšå®ã«é¢ãã詳现æ å ±ãè¿œå ããŠãã ããã ããã«ããã¹ãã¹ã€ãŒãïŒ_python manage.py test guardian_ïŒãå®è¡ããããšã§ãä¿è·è ãæ£ããæ©èœããããšã確èªã§ããŸãã
ãããããããŸãããç§ã¯ããªãã®åé¡ãããäžåºŠèªã¿ãŸããã ããã©ã«ãã®_auth.ModelBackend_ã¯_supports_object_permissions_ããµããŒãããŠããŸããïŒãã®å±æ§ã¯_False_ã§ãïŒã Djangoã®ããã¥ã¡ã³ãã«ãããšã1.4ããããã©ã«ãã®ããã¯ãšã³ãã®ãµããŒããè¿œå ãããŸãã
ãããã£ãŠãããªãã®ç¶æ³ã§ã¯ãè¡åã¯çµ¶å¯Ÿçã«æ£ãããæåŸ ãããŠããŸãã ããã©ã«ãã®ããã¯ãšã³ãã¯åã«çç¥ãããŠããŸãã
ã¢ããªã§ãªããžã§ã¯ãã¬ãã«ã®æš©éã確èªããåã«ãã°ããŒãã«æš©éã確èªããå¿ èŠããããŸãã ããã¯ç§ãèããããšãã§ããæãç°¡åãªè§£æ±ºçã§ãã
_invalid_ãšããŠçµäºããŸãããæ°ããã³ã¡ã³ãã§å床éãããå Žåã¯ããæ°è»œã«è¡ã£ãŠãã ããã
ããããŸãããããªããæ£ããããã«èŠããŸãã ããããã°ããŒãã«æš©éããã§ãã¯ããªããšãç§ã«ãšã£ãŠæ·±å»ãªåé¡ãçºçããŸãã ããšãã°ã guardian.decorators.permission_required
ã®å Žåãããã¯ãç§ãæ³å®ããããã«ãè¿œå ã®ãªããžã§ã¯ãã¬ãã«ã®ã¢ã¯ã»ã¹èš±å¯ãã§ãã¯ã䜿çšããŠãéåžžã®django.contrib.auth.decorators.permission_required
ã®æ©èœãæ¡åŒµããå¿
èŠããããŸãã
åé¡ã¯ãã°ããŒãã«ããŒããã·ã§ã³ã䜿çšããå®çšçãªã¢ããªã±ãŒã·ã§ã³ããããããã«ãªããžã§ã¯ãã¬ãã«ã®ããŒããã·ã§ã³ãè¿œå ãããã£ãã®ã§ãããã©ã«ãã®permission_required
ãã³ã¬ãŒã¿ãdjango-guardianãããªããžã§ã¯ãã¬ãã«ã®ãã³ã¬ãŒã¿ã«å€æŽããããšã§ãããã®åŸããŠãŒã¶ãŒã¯ã°ããŒãã«æš©éã«åºã¥ãã¢ã¯ã»ã¹æš©ã倱ããŸããã
ç§ã«ã¯äºæããªãåäœã®ããã«èŠããŸãããã³ãŒãã調ã¹ãªããšæããã§ã¯ãªããããå°ãªããšããã®ã±ãŒã¹ãããã¥ã¡ã³ãã«è¿œå ããŠãã ããã
ç§ã®å Žåãããã¯èšèšäžã®æ¬ é¥ã§ãããã³ãŒãå šäœã§äœåãªãã§ãã¯ãè¡ãããã°ããŒãã«ãšãªããžã§ã¯ãããšã®äž¡æ¹ã§ã¢ã¯ã»ã¹èš±å¯ã確èªããå¿ èŠããããŸãã
@ã³ã¢ã®ã¥ã©ã³ãïŒDjangoã®èªèšŒããå®éã«ãã³ã¬ãŒã¿ã_æ¡åŒµ_ããããšã¯æè»ã§ã¯ãããŸããã ãã®ã¢ããªã¯ãå ã®æš©éãæ¡åŒµããã®ã§ã¯ãªãã_ãªããžã§ã¯ãã®æš©é_ãå®è£ ããããšãç®çãšããŠããŸãã ã€ãŸããä¿è·è ãšãªããžã§ã¯ãã¬ãã«ã®æš©éã®ã¿ã䜿çšããä»ã®ã¢ããªã䜿çšãããå Žåã¯ã©ããªããŸããïŒ ç®¡çè ã®ã¿ã§ã°ããŒãã«æš©éã䜿çšããéåžžã®ãŠãŒã¶ãŒã«ä»äžãããã¢ããªã§ãªããžã§ã¯ãã¬ãã«ã®æš©éã䜿çšããå Žåã¯ã©ããªããŸããïŒ ãŠãŒã¶ãŒããªããžã§ã¯ãã«å¯ŸããŠäœããã®ã¢ã¯ã·ã§ã³ãå®è¡ã§ããããã«ããããã«ãã¢ããªãã°ããŒãã«æš©éãšãªããžã§ã¯ãã¬ãã«ã®æš©éã®äž¡æ¹ãå¿ èŠãšããå Žåã¯ã©ããªããŸããïŒ å€ãã®å Žåãä¿è·è ã¯ããããã¹ãŠãã«ããŒããããšã¯ãããŸããã
äžæ¹ããã®ç¹å®ã®ãŠãŒã¹ã±ãŒã¹ã¯ä»ã®ãŠãŒã¹ã±ãŒã¹ãããäžè¬çã§ããå¯èœæ§ãããããšãèªããããšãã§ããŸãã ããã«èå³ã®ãã人ã¯ãèŠä»¶ãæå®ããŠå¥ã®åé¡ãæåºããŠãã ããã ããã¯ãããã¯ã¯ãŒãã®éäºææ§ãªãã«ãã€ãŸãæ°ããæ§æèšå®ã䜿çšããŠç°¡åã«å®çŸã§ãããšæããŸãã
ãªããžã§ã¯ãã¬ãã«ã®ããŒããã·ã§ã³ãšã°ããŒãã«ããŒããã·ã§ã³ã®äž¡æ¹ããã§ãã¯ããpermission_requiredãã³ã¬ãŒã¿ããã1ã€è¿œå ãããå Žåã¯ãç§ã«ãšã£ãŠäŸ¿å©ã§ãã ããã¯ç§ã®åé¡ãã«ããŒããã§ãããã
@Dzejkob ãæåŸã®ã³ãããããã§ãã¯ããŠãããã§ååãã©ãããæããŠãã ããïŒã°ããŒãã«æš©éãåãå ¥ããããã®ãã©ã°ãè¿œå ããŸããïŒã ãŸãããã³ã¬ãŒã¿èªäœã§docstringãæ¡åŒµããã ãã§ååãã©ããããŸãã¯ããå€ãã®äŸ/ãã説æçãªããã¥ã¡ã³ããè¿œå ããå¿ èŠããããã©ãããæããŠãã ããã
泚ïŒã³ãããã¯æ°ãããã©ã³ãã«ãããŸãïŒ_feature / add-accept_global_perms-flag-for-decorators_
@lukaszbã¯ãããããžã§ã¯ãã«Guardianã®æ°ãããã©ã³ãããŒãžã§ã³ãã€ã³ã¹ããŒã«ãã permission_required
ãã³ã¬ãŒã¿accept_global_perms=True
ã«ãã©ã¡ãŒã¿ãè¿œå ããŸããããæ£åžžã«æ©èœããŠããããã§ãã ãã®æ©èœãäœæããŠããã ãããããšãããããŸãã ãã©ã³ã¯ã«ããŒãžããã®ã¯è¯ãèãã ãšæããŸãã
ããã¥ã¡ã³ãã«ã€ããŠã¯ãç§ã«ã¯éåžžã«æ確ãªã®ã§ãããã§ååã ãšæããŸãã
ããã¯ãã£ãšåã«ä¿®æ£ãããŸããã
ããã«ã¡ã¯ãç§ã¯jango-guardianãè©ŠããŠãããšãã«ãã®åé¡ãèŠã€ããŸãããããã®åäœã¯ãã°ãå€ããéåžžã«æ··ä¹±ããŠããããšãããããŸããã
ãŠãŒã¶ãŒã«ã°ããŒãã«æš©éïŒ view_user
ãšåŒã³ãŸãããïŒãè¿œå ãïŒ joe
ãšåŒã³ãŸãããïŒãJoeãç¹å®ã®ãŠãŒã¶ãŒã衚瀺ã§ãããã©ããã確èªããŸããïŒ other_user
ãšåŒã³ãŸãããïŒã ïŒãããŠé©ãã¹ãããšã«ããã¯False
ãè¿ããŸããã
joe = User.objects.get(username="joe")
other_user = User.objects.get(username="other_user")
assign_perm("myapp.view_user", joe)
joe.has_perm("myapp.view_user") # True as expected
joe.has_perm("myapp.view_user", other_user) # False, whaaaat?
REST_FRAMEWORK/DEFAULT_PERMISSION_CLASSES
ãšAUTHENTICATION_BACKENDS
ãsettings.py
ã«ããããããã¥ãŒã»ãããæš©éããèªåçã«ããã§ãã¯ããŠããããã permission_required
ãã³ã¬ãŒã¿ãæ瀺çã«äœ¿çšããŠããŸããã ã ãã®å Žåãä¿è·è
ã«æåŸ
ã©ããã«åäœããããã«æ瀺ããã«ã¯ã©ãããã°ããã§ããïŒ
ïŒç§ãæ¬åœã«æããªäœããèŠéããŠããå Žåã¯ãè©«ã³ããŸããããã¯ãžã£ã³ãŽã©ã³ãã®2/3æ¥ç®ã®ãããªãã®ã§ãïŒ
ä»æ¥ã®éšãã§ç³ãèš³ãããŸãããã guardian.shortcuts.get_objects_for_user()
ãããã©ã«ãã§auth / globalæš©éïŒ accept_global_perms
ïŒãå°éããããšã¯ããã«èå³æ·±ã/æ··ä¹±ãæããŸãã
accept_global_perms: if True takes global permissions into account.
[...]
Default is True.
ãã®åé¡ã¯å¥ã®åé¡ãåªå ããŠã¯ããŒãºãããŸããããããã«ã¯å€ãã®æŽå¯ãããã®ã§ãäŒè©±ãåã³ããç«ãŠãããã«ããã«æžããŠããŸãã Pythonã®Zenã¯æ¬¡ã®ããã«è¿°ã¹ãŠããŸãã
ãããè¡ãããã®æçœãªæ¹æ³ã¯1ã€ãã§ããã°1ã€ã ãã§ããå¿ èŠããããŸãã
ãããŠç§ã«ãšã£ãŠãããã¯_ããŒã«ã«ïŒãªããžã§ã¯ãã¬ãã«ïŒãæå®ãããŠããªããšãã«ã°ããŒãã«ã«ãã©ãŒã«ããã¯ããããšã§ã_ã é åºã«ãã£ãŠçµæãå€ããããšã¯ãããŸãããïŒDjango returns False if obj is not None
以éïŒãããã©ãŒãã³ã¹ãå€ããå¯èœæ§ããããŸãã
ç§ã¯ãã³ãŒãå
šäœãããã«ãã§ãã¯ããããšã¯è¯ãèšèšã§ã¯ãªããããæå³ã§DRYã®ååã«ãåããããšã«åæããŸãã ãã ããDjangoã®ããã©ã«ãã®ããã¯ãšã³ãå
ã§å©çšå¯èœãªã¬ãŒãã£ã¢ã³å®è£
æ©èœãDRYã§ã¯ãããŸããã ãã®Djangoã¯è€æ°ã®ããã¯ãšã³ããèš±å¯ããé çªã«1ã€ãã€ãã§ãã¯ããããšã¯ãããã¯ãšã³ããäºãã«çœ®ãæããããã®ã§ã¯ãªããäžç·ã«åçãããããšã«ãªã£ãŠããããšã瀺ããŠããŸãã ãããæ£ãããã°ã obj is not None
ã_ééã£ãŠãã_å ŽåãDjangoã¯ã°ããŒãã«ã®ãã§ãã¯ãæåŠããŸãã Djangoãobj
ãç¡èŠããå Žåãããã¯ãªããžã§ã¯ããã§ãã«ãŒã®ã°ããŒãã«ãã©ãŒã«ããã¯ã§ããå¯èœæ§ããããŸãã
Djangoã§ãã±ãããéããæ¿èªããã¯ãšã³ããçžäºã«é£æºãããã©ããããŸãã©ã®ããã«é£æºããããå°ããŠãããããããé²ãå¿ èŠããããšæããŸãã
ããã¯èšã£ãŠããDjangoããã®åäœãå€æŽããå¯èœæ§ã¯éåžžã«äœããšæããŸãïŒç§ã¯ãŸã å°ããã¹ãã ãšæããŸããïŒã®ã§ãçŸç¶ã¯ãã¬ãŒãã£ã¢ã³ãã©ã¡ããæããã«å¿ããŠäž¡æ¹ãæäŸã§ããããã«é²åããå¿ èŠãããããšã瀺ããŠããŸãïŒèšå®ãŸãã¯é¢æ°ã®åŒæ°ãä»ããŠèšå®ã§ããŸãïŒã ããããç§ãæãããã©ã«ãã®åäœã¯ãå šé¢çã«falseã®å Žåã®_ããŒã«ã«ããã°ããŒãã«ãžã®ãã©ãŒã«ããã¯ã§ãã
Djangoããã©ã€ã¹ããŒãããŒããã·ã§ã³ã·ã¹ãã ïŒTrueãFalseãNoneïŒã奜ããªããç§ã¯ãããããã奜ãã§ãã ãã®å ŽåãããŒã«ã«ãã§ãã«ãŒã¯False
ãä»ããŠã°ããŒãã«ã_ãªãŒããŒã©ã€ã_ã§ããŸãã ãããŠã None
ãä»ããŠãåããã¯ãšã³ãã¯ãããããŸããã次ã®è¡ã«è³ªåããŠãã ããããšèšãããšãã§ããŸãã ãã®å ŽåãDjangoã¯ããã¯ãšã³ãã®1ã€ã§True or False
ãååŸããåŸããã§ãã¯ãåæ¢ããåŠçèœåã®æµªè²»ãåæ¢ããŸãã
ããã«ãããåããã¯ãšã³ãã«ããå€ãã®åãäžããããŸãã決å®çãªçããäžããããä»ã®äººãåç §ãããã§ããŸãã
@doganmeh Djangoã¯ããã©ã€ã¹ããŒãæš©éã·ã¹ãã ãå®è£ ããŠããŸãïŒå°ãªããšã1.10以éïŒã ãªãã·ã§ã³ã¯ãTrueãNoneãããã³PermissionDeniedã®çºçã§ãã åŸã§å®è¡ãããšãDjangoã¯ãã§ãã¯ãåæ¢ããFalseãè¿ããŸãã
åœé¢ã®åé¡ã«ã€ããŠã¯ãContrib.Authã®åé¡ã ãšæããŸãã ããã¯ããã°ããŒãã«æš©éããåŠçããããã¯ãšã³ãã§ãã åé¡ã¯ãobj = Noneã®has_permããããŒãã«ã®ã¢ã¯ã»ã¹èš±å¯ãã®ã¿ããã§ãã¯ããobjã®has_permããè¡ã®ã¢ã¯ã»ã¹èš±å¯ãã®ã¿ããã§ãã¯ãããšããéæ¥çãªèŠåã確ç«ããŠããããšã§ãã 圌ãããããå€æŽããå¯èœæ§ã¯äœãã§ãããäž¡æ¹ã®ãã§ãã¯ããµããŒãããããã«APIãæ¡åŒµããããšãåãå ¥ããå¿ èŠããããŸãã
ïŒå°ãªããšããäž¡æ¹ããã§ãã¯ããããã®åäœãè¿œå ããããšãåãå ¥ããŠãããããšãé¡ã£ãŠããŸãã圌ãã®ã·ã¹ãã ã«ã¯æãããªæ¬ é¥ãããããã§ããïŒ
ãäž¡æ¹ããã§ãã¯ãããAPIã«ã€ããŠã®ããªãã®ææ¡ã¯äœã§ããïŒ ç§ãèããããšãã§ããæé«ã®ãã®ã¯kwargã§ãã
ç§ã¯ãPermissionããŒãã«ã«NullBooleanFieldãããæ瀺çãªãã©ã€ã¹ããŒãã·ã¹ãã ã«ã€ããŠè©±ããŠããŸããã 確ãã«ã True
ã®æ¬ åŠïŒãŸãã¯èš±å¯ã®æ¬ åŠïŒãNone
ãšèŠãªããšããã©ã€ã¹ããŒããšèŠãªãããå¯èœæ§ããããŸãã ãã®å Žåãä¿è·è
ã«ãã£ãŠæå®ãããŠããªãæš©éã¯None
ãšèŠãªããã決å®ã¯ã°ããŒãã«ã«å§ä»»ãããå¿
èŠããããŸãã ãã ããéžæè¢ãããã°ãæ瀺çãªãã¶ã€ã³ãæ¡çšããŸãã
@airstandley次ã®ããã«user.has_perm
ã«kwargãè¿œå ããããšãæå³ããŠãããšæããŸãã
def has_perm(self, perm, obj=None, fallback=False)
ããã圹ç«ã€ãšæããŸãã fallback=True
ã®å Žåãä¿è·è
ã¯Djangoããã¯ãšã³ããåŒã³åºããŠã°ããŒãã«ãè¿ããŸãã ãã ããéžæè¢ãããã°ãDjangoãžã®ãã©ãŒã«ããã¯ã¯ãå
éšãä¹ã£åãã®ã§ã¯ãªãããã¬ãŒã ã¯ãŒã¯ã«ãã£ãŠèªç¶ã«åŠçãããããšãæãã§ããŸãã
@doganmehç³ãèš³ãããŸããããç§ã¯ãã¹ããŒã¯ããŸããã ãTrueã False ãããã³PermissionDeniedã®çºçããšèªãå¿ èŠããããŸãã ãããïŒ
ãªãã·ã§ã³ã¯ãTrueãNoneãããã³PermissionDeniedã®çºçã§ãã
åŸè ã¯ç§ã®é ã®äžã®ãªã¿ãŒã³ã«ã€ããŠã©ãæããã§ã...
ç§ãããªããæå³ããããšã誀解ãããããããªããšæããŸã
Djangoããã©ã€ã¹ããŒãèš±å¯ã·ã¹ãã ã奜ããªããç§ã¯ãããããã奜ãã§ã
æ確ã«ããããã«ãã·ã¹ãã å šäœã§ã¯ãªããããŒããã·ã§ã³ã¢ãã«ã®å®è£ ã«ã€ããŠå ·äœçã«è©±ããŠããŸãããïŒ
ç§ã®ãã€ã³ãã¯ãèªèšŒããã¯ãšã³ãã·ã¹ãã ãããªãã説æããæ£ç¢ºãªã·ã§ãŒãã«ãããèš±å¯ãããšããããšã§ããïŒå°ãªããšãhas_perm
ã has_module_perms
apiã«ã€ããŠïŒã åçŽã§ã¯ãªãã«ããŠããããã¯æçœã§ãã
ãã¹ãŠã®ããã¯ãšã³ãã¯ãããèªäœã§æ±ºå®ãè¡ãïŒTrueãŸãã¯PermissionDeniedãè¿ãïŒãããã§ãŒã³å
ã®æ¬¡ã®ããã¯ãšã³ãã«æ±ºå®ãå§ä»»ããïŒFalseãè¿ãïŒããšãã§ããŸãã ããã¯å®è£
åºæã®æ±ºå®ã§ãããã·ã¹ãã èªäœã®å質ã§ã¯ãããŸããã
æ瀺çãªObjectPermissionBackendã¯ç§ã®ãããžã§ã¯ãã®åé¡ã«ãªããããæ瀺çã«ããªãããšãéžæããŸãã ïŒãæ瀺æ§ãã¯ãä»ã®ããŒããã·ã§ã³ãã§ãã¯ããã¯ãšã³ããšã®çµ±åãé¢åã«ããŸããïŒããªãã®ããã«ãä»ã®äººã¯ãããæ瀺çã§ããããšã奜ããšæããŸãã ãããã£ãŠãèšå®ãšããŠãæ瀺æ§ããæã€ããšã¯ç§ã«ã¯çã«ããªã£ãŠããŸãã
@doganmeh
ããã§ãã¯ã¯ãŒã°ã«ã€ããŠã
ãŸãæåã«ãauthã®ããã¯ãšã³ãã·ã¹ãã ã®åäœãã©ã®ããã«æ©èœããããšãæå³ããŠãããã«ã€ããŠãç§ãã¡ãåãããŒãžã«ããªãããšãå¿é
ãç¶ããŸãã æ確ã«ããããã«ïŒ
ç§ã®ç解ã§ã¯ãããã¯ãšã³ããé£æºããããšãæå³ãããŠããŸããã ã¢ããªãauthã®ããŒããã·ã§ã³ã·ã¹ãã ïŒã€ãŸãããã°ããŒãã«ããŒããã·ã§ã³ããæè¡çã«ã¯ãããŒãã«ããŒããã·ã§ã³ãã§ããããpotatoeãpotatoïŒã䜿çšãããå Žåã¯ãauthModelBackendãAUTH_BACKENDSã«ã€ã³ã¹ããŒã«ããŸãã ãã®ã¢ããªãä¿è·è
ã®ObjectPermissionã·ã¹ãã ïŒã€ãŸããè¡ã®ã¢ã¯ã»ã¹èš±å¯ãïŒã䜿çšãããå ŽåãAUTH_BACKENDSã«ä¿è·è
ã®ObjectPermissionBackendã¯ãããŸããã
ModelBackendã¯ã°ããŒãã«æš©éãåŠçããŸãã
ObjectPermissionBackendã¯ããªããžã§ã¯ãã®ã¢ã¯ã»ã¹èš±å¯ãåŠçããŸãã
ãŠãŒã¶ãŒããªããžã§ã¯ãæš©éããæã£ãŠããªãå ŽåãModelBackendã¯has_perm
ã«å¯ŸããŠTrueãè¿ãããšã¯ãããŸããã ãŠãŒã¶ãŒãã°ããŒãã«æš©éããæã£ãŠããªãå ŽåãObjectPermissionBackendã¯has_perm
ã«å¯ŸããŠTrueãè¿ãããšã¯ãããŸããã ã©ã¡ãã®å Žåããuser.has_permïŒpermãobjïŒã®åŒã³åºãã¯trueãè¿ãå¿
èŠããããŸããããã¯ããŠãŒã¶ãŒãã€ã³ã¹ããŒã«ãããããã¯ãšã³ãã®_one_ã«å¯Ÿããæš©éãæã£ãŠããããã§ãã ïŒããã¯ãModelBackendããã®ã¢ã«ãŠã³ãã§å€±æããããã«åé¡ãçºçããããã§ãïŒ
ããŠãããããã¹ãŠäžããŠãã ããã
äºææ§ãåé¡ã«ãªããªãçæ³çãªäžçã§ã¯ãç§ãcontrib.authã®ModelBackendã«åçŽãªå€æŽãå ããããšã奜ã¿ãŸãã ModelBackend.has_perm(user_obj, perm, obj=None)
ã¯ããŠãŒã¶ãŒãpermã§æå®ããããã°ããŒãã«æš©éããæã£ãŠããå Žåã«Trueãè¿ãå¿
èŠããããŸãã objãNoneã§ãããã©ããã«é¢ä¿ãªãã
ãã ããäºææ§ãåé¡ã§ãããããåé¡ã®è§£æ±ºçããããã©ãããå°ããŸãã
ç§ãèããããšãã§ããå¯äžã®_äžäœäºææ§ã®ãã_ãœãªã¥ãŒã·ã§ã³ã¯ãAPIã«kwargãè¿œå ããããAUTHèšå®ãè¿œå ããããšã§ãã
ã ããkwargsïŒ
ãããobj_shortcut
ãšåŒã³ãŸããããããã¯ãé ã®ãŠã£ãºãããæãã€ãããšãã§ããæé«ã®ãã®ã ããã§ãã object_shortcut
ã¯ããã©ã«ãã§Trueã«ãªããŸãã object_shortcut
ãTrueã®å Žåãããã¯ãšã³ãã¯ModelBackendãšåãããã«åäœããå¿
èŠããããŸããobjãNoneã®å Žåãããã¯ãšã³ãã¯ãããŒãã«/ã°ããŒãã«ãæš©éã_only_ãã§ãã¯ããå¿
èŠããããŸãããã以å€ã®å Žåã¯ããè¡/ãªããžã§ã¯ããæš©éã_only_ãã§ãã¯ããå¿
èŠããããŸãã ãã ãã object_shortcut
ãFalseã®å Žåãããã¯ãšã³ãã¯äž¡æ¹ã奜ãããã«åäœããå¿
èŠããããŸãããªããžã§ã¯ããNoneã§ãªãå Žåãããã¯ãšã³ãã¯ã°ããŒãã«æš©éãšãªããžã§ã¯ãæš©éã®äž¡æ¹ããã§ãã¯ããŸãã ããããã°ãGuardianã®ãããªã¢ããªã³ã¯ãããã©ã«ããšããŠobject_shortcut=False
ã䜿çšããhas_perm
ã¡ãœããã®ããã¯ã¹ã€ã³ãåžžã«æäŸã§ããŸãã user.has_perm(perm, obj, object_shortcut=False)
ã¯ãpermã§è¡šãããããŒããã·ã§ã³ãUserã«å²ãåœãŠãããŠããå Žåãæ£ããTrueãè¿ããŸããã user.has_perm(perm, obj)
ãžã®ã¬ã¬ã·ãŒåŒã³åºãã¯åŒãç¶ãFalseãè¿ããŸãã
èšå®ã¯åãçµæã«ãªããŸãããåºæ¬çã«ã¯ModelBackend._get_permissions
ã«åãæ¿ãããŸãã
if not user_obj.is_active or user_obj.is_anonymous or obj is not None:
return set()
次ã®ããã«ãªããŸãïŒ
if not user_obj.is_active or user_obj.is_anonymous or (obj is not None and legacy_behaviour_setting_is _on):
return set()
ã©ã¡ããè¯ããããããªãã èšå®ã¯ããã¯ãªãŒã³ã ãšæããŸãããDjangoã®éçºè ã¯ããã決å®ããè³æ Œããããšç¢ºä¿¡ããŠããŸãã
ãã€ã³ãã¯ãåé¡ãä¿®æ£ã§ããããšã§ãããã®åé¡ã¯ãGuardianã§ã¯ãªãDjangoã®ãã°ã§ãããšåŒ·ãä¿¡ããŠããŸãã
@airstandleyããã§ãã False
ãŸãã¯None
ã¯é¢ä¿ãããŸããã ã©ã¡ããç§ã«ã¯ããããªããšããæå³ã§ãã æçµçã«èª°ãç¥ããªãå Žåãèš±å¯ã¯äžããããŸããã
ç§ã¯äžè¬çã«ããªããšåãããŒãžã«ããŸãããdjangoãããã¯ãšã³ããäœããã®æ¹æ³ã§åäœãããããã«åŒ·å¶ãããšãç·©ãçµåæ§ãäœäžããããã§ãã åããã¯ãšã³ããä»äºãéè¡ããããã«å¿ èŠãªæ å ±ãååŸã§ããããã«ããã¡ã«ããºã ãå¿ èŠã ãšæããŸãã ç§ã¯ããŒã¯ãŒãã®è°è«ã«ã€ããŠããªããšäžç·ã«ããŸãããäœããã®æ¹æ³ã§åŒ·å¶ããã ãã§ã¯ãããŸããã
ãã®äŒè©±ã¯æéã®ç¡é§ã®ããã«æããŸãããä¿è·è ã«èš±å¯ãäžããããŠããªãããšã¯åŠå®ã§ã¯ãªããåã«æ å ±ãäžè¶³ããŠããããšãç§èªèº«ã«æ確ã«ããã®ã«åœ¹ç«ã¡ãŸããã
ãšã«ããããã«ãªã¯ãšã¹ãïŒ546ãããŸããã ãã²ãã§ãã¯ããŠãææ³ãèãããŠãã ããã
ç§ã¯djangoã§ãã±ãããäœæããŸããïŒ https ïŒ//code.djangoproject.com/ticket/29012ããããŠåœŒãã¯äœãšèšãã ããããšæããŸãã
djangoã«ã¯ä»ã«ãããã€ãã®ãã±ããããã£ãããã§ãïŒ https ïŒ//code.djangoproject.com/ticket/20218
ç§ã¯ç§ã®ãã®ãéããŸããã
@doganmeh
ç§ã¯ããªããïŒ546ã«åãã£ãŠããæ¹åã奜ãã§ãã ãããå©ãã«ãªããªããç§ã¯æ®ãã®ãŠãããã調ã¹ãŠãä»é±æ«ã«ãããã®ãã©ãŒã«ããã¯ã®ããã«ããã€ãã®ãã¹ããæžãæéãããã¯ãã§ãã
æ¥ç·äžã ãDjangoã®ããã¯ãšã³ãã®åŒ·å¶ãã«ã€ããŠã®ããªãã®ã³ã¡ã³ãã¯ãç§ãæ··ä¹±ãããŸãããããã¯ãŸãç§ã«èããäžããŸããã ããã¯ãšã³ãã¯å¥œããªããã«åäœã§ããŸãã Guardianã®ObjectPermissionBackendã«é¢ããæåã®æžå¿µã¯ãAuthã®ModelBackendãšäžç·ã«å®è¡ããããã«èšèšãããŠããããšã瀺åããããã¥ã¡ã³ãã«ç±æ¥ããŠããŸãã Guardianã¯ãè€æ°ã®ããã¯ãšã³ããæäŸã§ããŸãã1ã€ã¯ModelBackendã§åäœããããã«èšèšãããŠããããã1ã€ã¯åç¬ã§åäœããããã«èšèšãããŠããŸãã ïŒã€ãŸãã1ã€ã¯Guardianã®UserObjectPermission / GroupObjectPermissionããŒãã«ããã§ãã¯ããã ãã§ããã1ã€ã¯UserObjectPermission / GroupObjectPermissionããŒãã«ãšAuthã®PermissionããŒãã«ã®äž¡æ¹ããã§ãã¯ããŸããïŒ
å人çã«ã¯ãèšå®ãškwargsã䜿çšããçŸåšã®ã¢ãããŒãã奜ã¿ãŸãã ãã«ãããã¯ãšã³ãã¢ãããŒãã®äž»ãªæ¬ ç¹ã¯ãã·ã§ãŒãã«ãããšäŸ¿å©ãªé¢æ°ãã©ã®ããã«åäœããããäžæ確ã«ãªãããšã ãšæããŸãã
Djangodevã¡ãŒãªã³ã°ãªã¹ããžã®æçš¿ãèŠãŸããã 圌ãããããåãå ¥ããããäºææ§ã®ãªãæ¹æ³ã§åäœãå€æŽããããšã«åæããããšãé¡ã£ãŠããŸãã APIã®çŸåšã®å¶éã¯ãäžæ Œå¥œã§ãã
ããã§ãµããŒãããŠããããŸããïŒ ð
Mail for Windows10ããéä¿¡
å·®åºäººïŒairstandley
éä¿¡æ¥ïŒ2018幎1æ12æ¥éææ¥12:06 PM
å®å
ïŒdjango-guardian / django-guardian
CcïŒMehmet Dogan; èšå
件åïŒReïŒ[django-guardian / django-guardian] user.has_permïŒ "perm"ãobjïŒãäºæããªãåäœãããïŒïŒ49ïŒ
Djangodevã¡ãŒãªã³ã°ãªã¹ããžã®æçš¿ãèŠãŸããã 圌ãããããåãå
¥ããããäºææ§ã®ãªãæ¹æ³ã§åäœãå€æŽããããšã«åæããããšãé¡ã£ãŠããŸãã APIã®çŸåšã®å¶éã¯ãäžæ Œå¥œã§ãã
â
ããªããèšåãããã®ã§ãããªãã¯ãããåãåã£ãŠããŸãã
ãã®ã¡ãŒã«ã«çŽæ¥è¿ä¿¡ããããGitHubã§è¡šç€ºããããã¹ã¬ããããã¥ãŒãããŠãã ããã
ãã®åé¡ã«çŽ1é±é察åŠããåŸãåããã¯ãšã³ãã1ã€ã®ããšãã€ãŸãGuardianã®ãªããžã§ã¯ãæš©éãå®è¡ããã ãã§ãããšç¢ºä¿¡ããããã«ãªããŸããã ãã®ããã«ã¯ãDjangoã¯obj
ãããé©åã«åŠçããå¿
èŠããããŸãã
ãã®ããã«Djangoã«éä¿¡ãããããããããŸãïŒ https ïŒ//github.com/django/django/pull/9581ïŒå¯èœã§ããã°ã³ã¡ã³ãããŠãã ããïŒã ãããå®çŸãããã®ã¯ãGuardianã«ãããšãããªãã©ãã§ãã¢ãã«æš©éã®ååŸãã¯ãªãŒã³ã¢ããããããã©ã«ãã®ããã¯ãšã³ããåŒã³åºãã ãã§ãã
æãåèã«ãªãã³ã¡ã³ã
ããã_AUTHENTICATION_BACKENDS_èšå®ã貌ãä»ããããšãã§ããŸããïŒ
Djangoã®ããã¥ã¡ã³ãããã§ã«èªãã§ããã®ã§ãæå®ãããããã¯ãšã³ãã®é åºãéèŠã§ããããšããåç¥ã§ãããã
ã¢ããªã±ãŒã·ã§ã³ã«æ¬¡ã®ãããªãã®ããããšæããŸãã
ãŸãã¯ããïŒ
ããã©ã«ãã®ããã¯ãšã³ããæåã«æå®ãããŠããããšã確èªããŠãã ããã
ãããåé¡ã§ããããšã確èªã§ããŸããïŒ ããã§ãªãå Žåã¯ãããã«æ å ±ãè¿œå ããŠãã ããïŒãããããä»ã®ããã¯ãšã³ãã䜿çšãããã_User.has_perm_ã¡ãœããã䜿çšããä»ã®ã¢ããªã¢ã³ããŒãããã䜿çšããŸããïŒïŒã