Modules
Models
This module contains an abstract model UserProfileModel to be used as a mixin for any profile model class
- class iam.models.UserProfileModel(*args, **kwargs)
Abstract model for profile models to inherit from. Provides a one-to-one user field that points to the owner of a profile. Override the user field, if you’d like to set its related_name or set it to optional (e.g. for bot profiles)
- Parameters
user – The user this profile belongs to
- classmethod get_for_user(user) Optional[UserProfileModel]
Check if a user has a profile denoted by this class.
- Parameters
user – the user to check
- Returns
The profile instance belonging to the user or None
Registry
Contains a class RolesRegistry, which serves as the central repository for all the roles in a particular app. This module also instantiates a registry, which is available through the variable registry (iam.registry.registry). Also exports functions register_role and get_registered_roles, which are the equivalent of registry.register() and registry.get_registered_roles()
- class iam.registry.RolesRegistry
A central registry to keep track of all different roles in the application. Register your profile models with @register decorator.
- iam.registry.register_role()
Decorator to register a profile model as a role in the application
- Parameters
model_cls – The profile model class. Passed through the decorator
conf – optional configuration, attributes and tags for the role to be registered.
- Returns
model_cls
- iam.registry.get_registered_roles()
Return a set off all registered profile model classes
- Parameters
filter_func – Optionally pass in a function that takes a profile class as an argument, and returns True or False depending on whether the class should be included in the return value or not.
- Returns
Set off all registered profile model classes, optionally filtered by filter_func logic.
Mixins
- class iam.mixins.RolePredicateMixin(*args, **kwargs)
Mixin used on profile classes. Provides class method get_predicate to create rules predicates to check if a user has a profile or not. Provides parent attribute. If a role has a parent, and a user has the parent profile, the user will have all permissions associated with the child role too.
- Parameters
parent – A role could be a specific subset of another parent role. Set parent to that. If a user has a role that is the child of another roles, they automatically get all the permissions for the parent role too.
- classmethod get_predicate(extra_check=None)
Return a rules predicate that checks if a user has a corresponding profile thus having that role.
- Parameters
extra_check – Optionally check extra parameters on the user’s profile instance.
- Returns
Predicate
- class iam.mixins.IAMUserMixin(*args, **kwargs)
Mixin used on custom user models that use IAM for their permission management. Provides interfaces to the user model to interact with the IAM, and cache permissions.
- get_or_set_role(model_cls)
Check if this user has a particular profile denoted by model_cls.
First hit the cache. If there is no value in the cache, hit the database. If the user has the profile, cache the profile instance. If not, cache a False value, so we don’t need to hit the database again for this check.
- Parameters
model_cls – The model class of the profile to be checked.
- Returns
The profile instance belonging to the user or None
- load_roles()
Load all the roles (and profiles) this user has in their cache.
Predicates
- iam.predicates.is_owner(user, obj)
Rules predicate to determine whether a user is the owner of an object or not.
- iam.predicates.is_user(user, obj)
Rules predicate to determine whether a profile belongs to a user or not.
Utils
- iam.utils.lazy_get_predicate(model_path, extra_check=None)
Return a lazy predicate that checks whether a user has a profile or not.
- Parameters
model_path – dot path to the model, used to lazily load the model, without referencing it directly.
extra_check – Extra check on the profile instance.
- Returns
Predicate
- Example:
>>> is_author = lazy_get_predicate('blog.AuthorProfile') >>> is_super_author = lazy_get_predicate('blog.AuthorProfile', lambda p: p.is_super_author)
- iam.utils.override_perms(cls, new_rules: dict)
Override rules_permissions for the class with new rules. :param cls: The model class where we want to override permissions. :param new_rules: The new set of rules.
- Example:
>>> override_perms(SomeModel, {'add': is_owner})