Modules

Models

This module contains an abstract model UserProfileModel to be used as a mixin for any profile model class

class iam.models.UserProfileModel(*args, **kwargs)

Abstract model for profile models to inherit from. Provides a one-to-one user field that points to the owner of a profile. Override the user field, if you’d like to set its related_name or set it to optional (e.g. for bot profiles)

Parameters

user – The user this profile belongs to

classmethod get_for_user(user) Optional[UserProfileModel]

Check if a user has a profile denoted by this class.

Parameters

user – the user to check

Returns

The profile instance belonging to the user or None

Registry

Contains a class RolesRegistry, which serves as the central repository for all the roles in a particular app. This module also instantiates a registry, which is available through the variable registry (iam.registry.registry). Also exports functions register_role and get_registered_roles, which are the equivalent of registry.register() and registry.get_registered_roles()

class iam.registry.RolesRegistry

A central registry to keep track of all different roles in the application. Register your profile models with @register decorator.

iam.registry.register_role()

Decorator to register a profile model as a role in the application

Parameters
  • model_cls – The profile model class. Passed through the decorator

  • conf – optional configuration, attributes and tags for the role to be registered.

Returns

model_cls

iam.registry.get_registered_roles()

Return a set off all registered profile model classes

Parameters

filter_func – Optionally pass in a function that takes a profile class as an argument, and returns True or False depending on whether the class should be included in the return value or not.

Returns

Set off all registered profile model classes, optionally filtered by filter_func logic.

Mixins

class iam.mixins.RolePredicateMixin(*args, **kwargs)

Mixin used on profile classes. Provides class method get_predicate to create rules predicates to check if a user has a profile or not. Provides parent attribute. If a role has a parent, and a user has the parent profile, the user will have all permissions associated with the child role too.

Parameters

parent – A role could be a specific subset of another parent role. Set parent to that. If a user has a role that is the child of another roles, they automatically get all the permissions for the parent role too.

classmethod get_predicate(extra_check=None)

Return a rules predicate that checks if a user has a corresponding profile thus having that role.

Parameters

extra_check – Optionally check extra parameters on the user’s profile instance.

Returns

Predicate

class iam.mixins.IAMUserMixin(*args, **kwargs)

Mixin used on custom user models that use IAM for their permission management. Provides interfaces to the user model to interact with the IAM, and cache permissions.

get_or_set_role(model_cls)

Check if this user has a particular profile denoted by model_cls.

First hit the cache. If there is no value in the cache, hit the database. If the user has the profile, cache the profile instance. If not, cache a False value, so we don’t need to hit the database again for this check.

Parameters

model_cls – The model class of the profile to be checked.

Returns

The profile instance belonging to the user or None

load_roles()

Load all the roles (and profiles) this user has in their cache.

Predicates

iam.predicates.is_owner(user, obj)

Rules predicate to determine whether a user is the owner of an object or not.

iam.predicates.is_user(user, obj)

Rules predicate to determine whether a profile belongs to a user or not.

Utils

iam.utils.lazy_get_predicate(model_path, extra_check=None)

Return a lazy predicate that checks whether a user has a profile or not.

Parameters
  • model_path – dot path to the model, used to lazily load the model, without referencing it directly.

  • extra_check – Extra check on the profile instance.

Returns

Predicate

Example:
>>> is_author = lazy_get_predicate('blog.AuthorProfile')
>>> is_super_author = lazy_get_predicate('blog.AuthorProfile', lambda p: p.is_super_author)
iam.utils.override_perms(cls, new_rules: dict)

Override rules_permissions for the class with new rules. :param cls: The model class where we want to override permissions. :param new_rules: The new set of rules.

Example:
>>> override_perms(SomeModel, {'add': is_owner})