I'm using Django 1.6 with REST. I'm trying to incorporate object level as well as system level permissions into my app. After reading a bit I found that django-guardian is the best way to go (as it plays nicely with all the other apps).
I'm a bit confused though about how system level permissions and object level permissions are being handled together. For example,

    from django.db import models

    class Item(models.Model):
        ...
        class Meta:
            # Custom permissions, stored as auth.Permission rows for this model
            permissions = (
                ("item_create", "Can create an item"),  # System privilege
                ("item_update", "Can update the item"),
                ("item_delete", "Can delete the item"),
                ("item_read", "Can view the item"),
            )

I started writing my permissions.py when I realized that I'm not entirely certain how to test for item_create, given that I don't have an item instance yet (nor should I for a system privilege).
I'd appreciate any words about the difference and/or how to manage them both and how the two play together.
You probably must define your own methods in which the permission checking is done. Pseudo-Code:

    if is_system_permission(perm):
        user.has_perm(perm)
    else:
        guardian.user_has_perm(object, perm)

Cheers
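
One way to turn the split described in the answer into a permission class, as an added example that is not code from the question or the answer. It assumes a class duck-typed to DRF's `has_permission` / `has_object_permission` interface, guardian's `ObjectPermissionBackend` listed in `AUTHENTICATION_BACKENDS` (so `user.has_perm(perm, obj)` resolves per-object grants), and a hypothetical app label `items`.

```python
# Added example: duck-typed to DRF's permission interface, so it needs no imports.
APP_LABEL = "items"  # assumption: app label of the model that defines the permissions

# HTTP method -> (codename, needs_object). POST creates, so no instance exists yet.
METHOD_PERMS = {
    "POST": ("item_create", False),
    "GET": ("item_read", True),
    "PUT": ("item_update", True),
    "PATCH": ("item_update", True),
    "DELETE": ("item_delete", True),
}


class ItemPermission(object):
    """System-level check before the view runs, object-level check per instance."""

    def _lookup(self, request):
        # Methods missing from the table yield (None, None) and are denied.
        return METHOD_PERMS.get(request.method, (None, None))

    def has_permission(self, request, view):
        codename, needs_object = self._lookup(request)
        if codename is None:
            return False  # fail closed on unmapped methods
        if needs_object:
            return True  # decision is deferred to has_object_permission()
        # System privilege: no obj argument, answered by the model-level backend.
        return request.user.has_perm("%s.%s" % (APP_LABEL, codename))

    def has_object_permission(self, request, view, obj):
        codename, needs_object = self._lookup(request)
        if codename is None or not needs_object:
            return False
        # Passing obj makes the object-level backend answer for this instance.
        return request.user.has_perm("%s.%s" % (APP_LABEL, codename), obj)
```

DRF calls `has_object_permission()` only when the view goes through `get_object()` or `check_object_permissions()`, so list endpoints still need their queryset narrowed, for example with guardian's `get_objects_for_user()`.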