How to use the rules.contrib.views.permission_required function in rules
To help you get started, we’ve selected a few rules examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
dfunckt / django-rules / tests / testapp / views.py View on Github 
@permission_required('testapp.change_book', fn=objectgetter(Book, 'book_id'))
def change_book(request, book_id):
return HttpResponse('OK')@permission_required('manage_titles')
def edit(request, title_id):
"""Edit an existing title."""
try:
title = Title.objects.get(id=title_id)
except ObjectDoesNotExist:
return redirect("ctf_framework:title#index")
form = TitleForm(instance=title)
context = {
"form": form,
"title_id": title_id
}
return render(request, "title/edit.html", context)@permission_required('manage_categories')
def new(request):
"""Create a new category."""
context = {
'form': CategoryForm(),
'categories': Category.objects.all()
}
return render(request, "category/new.html", context)@permission_required('manage_categories')
def update(request, category_id):
"""Update existing challenge."""
if request.method not in "POST":
return HttpResponseNotAllowed(permitted_methods=["POST"])
try:
category = Category.objects.get(id=category_id)
except ObjectDoesNotExist:
return redirect("ctf_framework:category#index")
form = CategoryForm(request.POST, instance=category)
if form.is_valid():
form.save()
messages.success(request, "Category Updated!")@permission_required(perm=["engine.task.change"],
fn=objectgetter(TaskModel, "tid"), raise_exception=True)
def cancel(request, tid):
try:
queue = django_rq.get_queue("low")
job = queue.fetch_job("auto_annotation.run.{}".format(tid))
if job is None or job.is_finished or job.is_failed:
raise Exception("Task is not being annotated currently")
elif "cancel" not in job.meta:
job.meta["cancel"] = True
job.save()
except Exception as ex:
try:
slogger.task[tid].exception("cannot cancel auto annotation for task #{}".format(tid), exc_info=True)
except Exception as logger_ex:
slogger.glob.exception("exception was occured during cancel auto annotation request for task {}: {}".format(tid, str(logger_ex)), exc_info=True)@permission_required(perm=['engine.task.change'],
fn=objectgetter(TaskModel, 'tid'), raise_exception=True)
def create(request, tid):
slogger.glob.info('auto segmentation create request for task {}'.format(tid))
try:
db_task = TaskModel.objects.get(pk=tid)
queue = django_rq.get_queue('low')
job = queue.fetch_job('auto_segmentation.create/{}'.format(tid))
if job is not None and (job.is_started or job.is_queued):
raise Exception("The process is already running")
db_labels = db_task.label_set.prefetch_related('attributespec_set').all()
db_labels = {db_label.id:db_label.name for db_label in db_labels}
# COCO Labels
auto_segmentation_labels = { "BG": 0,
"person": 1, "bicycle": 2, "car": 3, "motorcycle": 4, "airplane": 5,@permission_required(perm=['engine.task.access'],
fn=objectgetter(models.Task, 'tid'), raise_exception=True)
def get_repository(request, tid):
try:
slogger.task[tid].info("get repository request")
return JsonResponse(CVATGit.get(tid, request.user))
except Exception as ex:
try:
slogger.task[tid].error("error occured during getting repository info request", exc_info=True)
except Exception:
pass
return HttpResponseBadRequest(str(ex))@permission_required('create_challenge')
def create(request):
"""Save new challenge."""
if request.method not in "POST":
return HttpResponseNotAllowed(permitted_methods=["POST"])
form = ChallengeForm(request.POST)
if form.is_valid():
form.save()
messages.success(request, "Challenge Created!")
return redirect("ctf_framework:challenge#index")@permission_required(perm=['engine.task.access'],
fn=objectgetter(TaskModel, 'tid'), raise_exception=True)
def check(request, tid):
try:
queue = django_rq.get_queue('low')
job = queue.fetch_job('tf_annotation.create/{}'.format(tid))
if job is not None and 'cancel' in job.meta:
return JsonResponse({'status': 'finished'})
data = {}
if job is None:
data['status'] = 'unknown'
elif job.is_queued:
data['status'] = 'queued'
elif job.is_started:
data['status'] = 'started'
data['progress'] = job.meta['progress']
elif job.is_finished:@permission_required(perm=["auto_annotation.model.delete"],
fn=objectgetter(AnnotationModel, "mid"), raise_exception=True)
def delete_model(request, mid):
if request.method != 'DELETE':
return HttpResponseBadRequest("Only DELETE requests are accepted")
model_manager.delete(mid)
return HttpResponse()rules
Awesome Django authorization, without the database
Package Health Score
82 / 100Popular rules functions
- rules.add_perm
- rules.ContextualRule.makeContextualRule
- rules.contrib.views.permission_required
- rules.contrib.views.PermissionRequiredMixin
- rules.emacs.Cmd.Cmd
- rules.emacs.Cmd.runEmacsCmd
- rules.emacs.common.emacsDefaults
- rules.emacs.common.emacsExtras
- rules.Location
- rules.logger.debug
- rules.logger.info
- rules.models.Category.objects.filter
- rules.models.Rule
- rules.models.Ruleset.objects.all
- rules.models.Transformation
- rules.models.UserAction.create
- rules.models.YaraRule
- rules.predicate
- rules.REST_filters.YaraRuleFilter
- rules.Rules