Looking at tastypie/authorization.py (as of 133-2016, master branch), by default read_list and read_details both bypass the user.has_perm() check. This is not very safe and is a bad default.
The Django admin's default is unconventional. Still, I can see how it could be misunderstood.
https://docs.djangoproject.com/es/1.9/topics/auth/default/#permissions-and-authorization
The Django admin site uses permissions as follows:
* ...
* Access to view the change list, view the “change” form and change an object is limited to users with the “change” permission for that type of object.
Basically, "change_xyz" is the permission code for both "read" and "update". I think a better default is to follow the Django admin:
diff --git a/tastypie/authorization.py b/tastypie/authorization.py
index 1d6f5aa..44b2d56 100644
--- a/tastypie/authorization.py
+++ b/tastypie/authorization.py
@@ -151,22 +151,14 @@ class DjangoAuthorization(Authorization):
return model_klass
def read_list(self, object_list, bundle):
- klass = self.base_checks(bundle.request, object_list.model)
-
- if klass is False:
- return []
+ # By default, follows `ModelAdmin` "convention" to use `app.change_model`
+ # `django.contrib.auth.models.Permission` for both viewing and updating.
+ # https://docs.djangoproject.com/es/1.9/topics/auth/default/#permissions-and-authorization
- # GET-style methods are always allowed.
- return object_list
+ return self.update_list(object_list, bundle)
def read_detail(self, object_list, bundle):
- klass = self.base_checks(bundle.request, bundle.obj.__class__)
-
- if klass is False:
- raise Unauthorized("You are not allowed to access that resource.")
-
- # GET-style methods are always allowed.
- return True
+ return self.update_detail(object_list, bundle)
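Review bot: in read_list and read_detail, delegating to update_list/update_detail ties every GET to the app.change_model permission, so the only way to let a user read is to also let them update, and deployments that relied on "GET-style methods are always allowed" lose read access on upgrade. Consider checking a dedicated read permission code that defaults to change and can be overridden in a subclass, call out the behaviour change in the release notes, and give read_detail the same explanatory comment as read_list, since it currently has none.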
I appreciate that this has already been merged, but I still have a problem. Before opening a new request, here are my concerns:
This change unfortunately breaks existing code and is therefore not backwards compatible (previously, all GET requests passed DjangoAuthorization). To fix the code there are only two options: give all users "change" permission (bad), or subclass DjangoAuthorization for a custom implementation of the read actions (which may require a lot of work). Was this intended?
I appreciate the reasoning behind it in the django admin context, but in an API context, equating "read" with "change" is not the expected behaviour and so is not a sensible default assumption. After all, if GET is an allowed method along with DjangoAuthorization, why deny access based on the fact that the user does not have the change permission?
I propose the following alternative implementation:
_for read_detail_
* if there is a view permission, check it (= improvement for those who need it)
* if there is no view permission, always allow (= backwards compatibility)
_for read_list_
* if there is a list permission, check it (= improvement for those who need it)
* if there is no list permission, always allow (= backwards compatibility)
This way, tastypie adds a default that is compatible with Django's permission defaults and offers an easy path to improve, by adding view and list permissions for those who need them, other than writing a custom implementation of DjangoAuthorization.
At the very least, there should be a way to specify the default permissions.
DjangoAuthorization(read_permission='view',         # applies to both list, detail if not spec'd
                    read_list_permission='view',    # list only
                    read_detail_permission='view')  # detail only
# while we're at it, why not add the other permissions too
DjangoAuthorization(change_permission='change',
                    delete_permission='delete',
                    add_permission='add',
                    # ... add options as per above for each
                    # <action>_<level> permission where
                    # action is `change,delete,add,read`, level is `list,detail`
                    )
@SeanHayes will decide.
My opinion here: I think allowing reads by default was a security problem. I did not expect it at all until I was very close to production. In this context, I think backwards compatibility needs to be broken.
With your proposal, it looks like existing code would have to be changed to pass parameters to DjangoAuthorization, in which case I think it would be clearer to call the class by a different name.
Consider the read_permission='view' case, which may be exactly what you need. I don't see why this isn't optimal:
class ModifiedDjangoAuthorization(DjangoAuthorization):
    READ_PERM_CODE = 'view'
If you want to change the others, just override the methods. The change was actually designed to make this very easy.
class ModifiedDjangoAuthorization(DjangoAuthorization):
    def delete_list(self, object_list, bundle):
        return self.perm_list_checks(bundle.request, 'del', object_list)

    def delete_detail(self, object_list, bundle):
        return self.perm_obj_checks(bundle.request, 'del', bundle.obj)
The change was made with modification in mind and made that easy. I don't think it needs to be done as init params.
I think allowing reads by default was a security problem.
I'm not questioning the intent of the original issue. I'm just pointing out that the merged implementation silently breaks people's existing code and assumptions, with no efficient option to revert.
With your proposal, it looks like existing code would have to be changed to pass parameters to DjangoAuthorization.
If you take another look at the solution I proposed, what I'm advocating is giving people the option of a default that is both safe and backwards compatible. In that case, users' code would not need to change.
In this context, I think backwards compatibility needs to be broken.
I disagree. The change as currently merged not only breaks backwards compatibility, it also introduces a much bigger potential security issue, in that the obvious way (suggested by the current implementation) is to assign the change permission to every user who needs to be allowed GET.
Frankly, I don't see how a change permission for read actions improves security. At the same time, this permission also allows PUT. Mixing the permissions of different actions does not seem like a good choice.
Unfortunately, the proposed ModifiedDjangoAuthorization does not do the trick unless you actually add a view permission to your models, so backwards compatibility is lost. At the very least you need to change code, so it breaks backwards compatibility and forces users to rework their code base.
Of course, overriding is always an option for achieving specific requirements, but I think the general idea of tastypie is to provide sensible, safe defaults that don't require adding custom code...
In short, I think this change should be reverted in favour of a better implementation.
The change permission comes from Django itself. It is the Django default and is how the Django admin app is set up. The view option is not. I personally named it read.
I'm not sure what you mean by checking the model. If you mean checking _meta, that could be incomplete. If you mean hitting the db, I find that unnecessarily expensive.
For my taste, what you propose seems to be on the "too much magic" side for a default authorization. Setting a safe default and making it easy to override seems sufficient. But that's my opinion.
The change is documented here: https:
Frankly, I don't see how a change permission for read actions improves security. At the same time, this permission also allows PUT. Mixing the permissions of different actions does not seem like a good choice.
If a user can change something, we know they can read it. That's how the Django admin does it.
This version is safer because it makes developers think about what they are doing. If developers, instead of inventing their own "read" permission, deliberately choose to give everyone "change" permission when they should only have "read" permission, that's the problem. I can't stop other developers from doing stupid things, but I'm here to stop Tastypie from doing stupid things. The point of this change was to prevent global read access to resources using DjangoAuthorization, which developers may not expect. The new behaviour is consistent with what developers experience in the Django admin.
If you need the old behaviour: override the read_list and read_detail methods. If you think the documentation could be improved, please send a PR.
Thanks for the feedback. Thanks for the link to the docs, fair enough, too bad I missed that (note that the docs are in v0.13.2 whereas the issue is assigned to v0.13.4).
For my part, allow me a few final remarks:
If a user can change something, we know they can read it. That's how the Django admin does it.
The Django admin uses the change permission because the admin interface _is_ about _changing_ objects. It makes sense there. By definition, a GET request in a REST API is about _reading / viewing_. I don't think most developers would expect DjangoAuthorization to deny reads because they lack permission to change.
This version is safer because it makes developers think about what they are doing.
One of the features tastypie advertises is providing _reasonable defaults_. Isn't it very reasonable to assume that an API's GET (by definition: read) and PUT (change) methods are, for all intents and purposes, different operations that require different permissions?
If you all think it would be a worthwhile addition, I'd be happy to provide a PR along the lines of what I wrote.
The change permission comes from Django itself. (...) The view option is not.
Django has a pending PR to add a view permission, which is why I used view.
By default, we will not allow public/global read operations. That's final. Also, I'm not going to guess how developers set up their permissions when there is currently no standard way. I don't know whether to call it "read" or "view", and I don't want a lot of people coming here saying "that's not how I do it" or "the new Django release calls it something else".
If Django supports read/view permissions, we will switch to that. For now, developers need to write some custom code to handle their custom way of dealing with permissions.
I know this issue has been resolved, but I just wanted to chime in and say that this change has made it impossible for existing projects to move to 0.13.x.
@miraculixx I think you are completely right about the fact that requiring change permission just to view data is a bit odd. I suppose we can somehow point to Django here, but even there, there is no concept of a view permission (which blows my mind on a whole other level; I think it's insane that a project that includes a CRUD admin component simply has no permission for the READ part of CRUD).
If you make changes that break production, can you at least reflect that in the versioning?
Tastypie's x.y.z versioning looks very much like what most people would expect:
Given a version number MAJOR.MINOR.PATCH, increment the:
..
PATCH version when you make backwards-compatible bug fixes.
I spent a very unpleasant time tracking this down during a new production deployment.
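The read policies argued over in this thread, modelled side by side as an added example (not tastypie code and not written by any participant). `User`, the policy functions, the `blog`/`entry` names and the three sample users are hypothetical stand-ins that only mirror the `user.has_perm()` call shape.

```python
# Added illustration, not tastypie code. User and the policy functions are
# hypothetical stand-ins; "blog"/"entry" and the three users are constructed.

class User:
    def __init__(self, name, perms=()):
        self.name = name
        self._perms = frozenset(perms)

    def has_perm(self, perm):  # same call shape as Django's user.has_perm()
        return perm in self._perms


def codename(action, app="blog", model="entry"):
    # Django permission string: "<app_label>.<action>_<model>"
    return f"{app}.{action}_{model}"


def can_update(user):
    return user.has_perm(codename("change"))


def read_old(user):
    return True  # before the patch: GET-style methods are always allowed


def read_merged(user):
    return can_update(user)  # after the patch: read delegates to update


def read_strict(user, read_code="view"):
    # Models a subclass with READ_PERM_CODE = 'view': a dedicated read permission.
    return user.has_perm(codename(read_code))


def read_fallback(user, defined_perms, read_code="view"):
    # Proposal in the thread: enforce the read permission only where it is
    # defined for the model, otherwise keep the old allow-all behaviour.
    perm = codename(read_code)
    return user.has_perm(perm) if perm in defined_perms else True


def readers(policy, users):
    return sorted(u.name for u in users if policy(u))


def read_only(policy, users):
    # Users who can GET but cannot update: the least-privilege reader role.
    return sorted(u.name for u in users if policy(u) and not can_update(u))


USERS = [User("anon"), User("viewer", [codename("view")]),
         User("editor", [codename("change")])]
```

`read_only(read_merged, USERS)` is empty for any set of users, because under the merged behaviour the readers are exactly the users who can update; with a dedicated read code, a user holding only the change permission can no longer read.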