Permissions

A grid of all packages implementing permissions for users and groups in your Django project.

Please fell free to verify and update features for listed apps or add another app if you know one.

Features currently being evaluated

FeatureDescription
Object-level Support for permissions assigned per object.
Roles Support for roles in permissions.
Decorator Object-level decorator for views.
Django 1.2 backend See: http://docs.djangoproject.com/en/dev/releases/1.2/#object-level-permissions
.
Database Is a database required? If not, how are permissions stored?
Templatetag Permissions checks in templates via tags.
Declaration Do you declare permissions for models? How?
Assignment How do you assign permissions for objects?
Inheritance Permissions inheritance from related objects.
Logical checks Support for permission checked dynamically, e.g. can view entry no older than
one month.
Field level Supports permissions at the field level of models
Any-to-any Permissions for any object to any other object.
Cascade update Support for cascade update of related objects, e.g. if added view or change perm
for the product, then add view perm for the product category.
Model-level Support for model-level perms (either on its own or by seamless integration with
django.contrib.auth permissions).
Package django-guardian rules django-permission django-rules django-authority dry-rest-permissions django-role-permissions django-objectpermissions django-rbac django-rulez django-permissionsx carteblanche django-extauth django-hierarchical-auth django-permission-backend-nonrel django-global-permissions django-permissions django-tabular-permissions django-finegrained-permissions django-trusts django-rubberstamp django-acl Django Object Permissions django-generic-permissions django_sieve django-acl django-custodian django-roles django-flexible-permissions django-auth-utils django-pobject django-bop
Package django-guardian rules django-permission django-rules django-authority dry-rest-permissions django-role-permissions django-objectpermissions django-rbac django-rulez django-permissionsx carteblanche django-extauth django-hierarchical-auth django-permission-backend-nonrel django-global-permissions django-permissions django-tabular-permissions django-finegrained-permissions django-trusts django-rubberstamp django-acl Django Object Permissions django-generic-permissions django_sieve django-acl django-custodian django-roles django-flexible-permissions django-auth-utils django-pobject django-bop
Description Per object permissions for
Django
Awesome Django authorization,
without the database
An enhanced permission system
which support object
permission in Django
Flexible and scalable Django
authorization backend for
unified per object permission
management
A Django app that provides
generic per-object-permissions
for Django's auth app and
helpers to create custom
permission checks.
Rules based permissions for
the Django Rest Framework
A django app for role based
permissions.
An app to add
object-level/row-level
permissions to users and
groups. Each model can have
different permissions.
Role-based Access Control
(RBAC) implementation for
management of permissions in
Django. Allows a fine-grained
(row level) permission
assignment. Perfect for ...
A lean and mean object-level
rules system for the Django
framework
PermissionsX - Authorization
for Django
Module to align code with
thoughts of users and
designers. Also magically
handles navigation and
permissio...
Extended authorization
framework for Django,
including field-level
permissions and role-based
permissions
Extends django auth allowing
hierarchical permissions
An authentication backend that
supports Django's user and
group permissions on
Django-nonrel
Global permissions for Django Display Django permissions in
a tabular format that is
translatable and easy
customized.
Permissions per field instead
of per model for django
Django authorization add-on
for multiple organizations and
object-level permission
settings
Permissions manager and
backend for Django 1.2,
supporting object permissions
and application-specific
permissions.
Access Control Lists for
django aka per-row
permissions. Largely inspired
on phpBB's ACL. Support for
roles.
This is an implementation of
Object Permissions, a.k.a. row
level permissions. Object
Permissions allow you to
assign a permission to ...
A simple Authentication
Backend to manage specific
permissions.
Serve user-wise data
beautifully, minimally and
correctly.
The application
django-custodian wrap and
extend django.contrib.auth
module providing a exaustive
and granular approach to
authorizations and permissions
management. It ...
Django Roles with
Role-Group-Permission-User
A Django app that combines
object-level table permissions
with model relations to avoid
normalization of data while
providing an extremely ...
Django authentication and
authorization utilities.
An expressive and concise mini
permission module for Django
views.
Basic Object-level Permissions
for django 1.2+
CategoryAppAppFrameworkAppAppAppAppAppAppAppAppOtherAppAppAppAppFrameworkAppOtherAppAppAppAppAppAppAppAppAppAppAppOtherApp
# Using This303333240051101305001000100011110
Python 3?
Development Status Production/Stable Production/Stable Production/Stable n/a Alpha Alpha Production/Stable Unknown Beta Unknown Production/Stable Unknown n/a Unknown n/a Pre-Alpha Production/Stable Production/Stable Beta Beta n/a n/a Unknown Production/Stable Pre-Alpha Unknown n/a Unknown Unknown Alpha n/a Beta
Last updated May 10, 2016, 4:45 a.m. Dec. 7, 2015, 4:43 a.m. Jan. 14, 2016, 10:49 a.m. July 16, 2011, 11:32 a.m. May 11, 2016, 8:53 a.m. Feb. 5, 2016, 11:25 a.m. April 18, 2016, 8:45 a.m. Oct. 8, 2010, 7:23 a.m. March 31, 2010, 11:04 p.m. April 13, 2015, 4:11 p.m. Oct. 2, 2015, 7:13 p.m. July 3, 2014, 11:51 a.m. Dec. 10, 2011, 8:42 p.m. Jan. 5, 2011, 3:03 p.m. April 9, 2011, 4:27 p.m. Dec. 1, 2015, 9:03 a.m. June 21, 2015, 12:25 p.m. March 16, 2016, 7:27 p.m. Oct. 6, 2013, 2:36 p.m. April 30, 2016, 3:17 a.m. Oct. 28, 2010, 6:27 p.m. Aug. 23, 2009, 4:17 p.m. June 6, 2013, 6:33 p.m. Jan. 9, 2013, 10:47 p.m. June 4, 2014, 3:59 p.m. Oct. 8, 2015, 7:49 p.m. Nov. 10, 2011, 7:31 p.m. Jan. 28, 2015, 4:04 p.m. Dec. 10, 2015, 9:21 p.m. March 4, 2016, 9 a.m. March 4, 2011, 11:24 a.m. Oct. 20, 2011, 9:16 a.m.
Version1.4.41.1.10.9.2n/a0.100.1.61.00.3.30.91.0.21.3.41.0.0n/a1.4.6n/a0.2.21.2.21.0.80.0.10.10.3n/an/a1.4.60.1.01.0.00.1.3n/a0.0.41.0.70.1rc1n/a0.3
RepoGithubGithubGithubGithubGithubGithubGithubGithubBitbucketGithubGithubGithubBitbucketGithubBitbucketGithubGithubGithubGithubGithubGithubBitbucketGithubGithubGithubGithubBitbucketGithubGithubGithubBitbucketGithub
Commits
Stars112430017214712110097826862372621191613111198765444333322
Repo Forks3121936835122974165327n/a3812412221n/an/an/an/an/an/an/a
Participantslukaszb
brianmay
bsvetchine
mitar
ggreer
emperorcezar
xordoquy
ad-m
troygrosfield
Wtower
more...
dfunckt
ticosax
mlsen
thedrow
hzy
revolunet
slafs
smcoll
lambdalisue
giginet
quasiyoke
philippeowagner
oskarjakiela
yoyonamite
Simanas
SalahAdDin
artscoop
duilio
maraujop
jjmaestro
chrisglass
jezdez
jlward
bartTC
bocribbz
winhamwr
gthb
remik
diegobz
jpic
safwanrahman
more...
dbkaplan
AlexandreCollet
GerardPaligot
abeniwal
marctc
vovanbo
artragis
filipeximenes
reduxionist
victorgutemberg
fjsj
aarcro
drxos
myonov
sdee
justquick
jazzido
bhuztez
nabucosoundchrisglass
maraujop
jjmaestro
stefanfoulis
nigma
juandecarrion
mitchellrj
DanLipsitt
amites
DarrenRiedlinger
more...
thinkingpotato
adi-
neuman
lightstrike
mhall119rascafhahneduardo-matosdiefenbach
bport
RamezIssacspecialunderwear
PetrDlouhy
thomasyip
Core2Duo
suhailvs
paltmantyrionkreneskyp
bramwelt
MostAwesomeDude
JonahBrooks
Kennric
bsu
chancez
edunham
garrypolleyfabiomichelinicenkbircanoglustaabpjdelportphuihockpterk
Documentation N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Object-level  ✅ ✅

django-trusts always works as an annexation; all features require *no* patched class of any sort, works with all existing builtin auth features: authorization, permission, group, contenttypes; option to use junction table mechanism: no moditication to any existing model.
Rolesirrelevant  if you add a PermissionLogic class like http://bit.ly/1z22IGl 

Role is specified in model's meta and management commands updates db entires and makes it available for permission check
 , assimilated by groups
Decorator  Works as class/method/functional decorator.  This package operates on view level. 

Implemented: @permission_required('app.read_project', fieldlookups_kwargs={'pk': 'project_id'})
  django.contrib.auth.decorators.permission_required
Django 1.2 backend
Database  registry of callables  it use 'Logic' based permission system which is completely different from general permission system. 

implementation optimized to reduce db hits per http request
Templatetag  You can use like {% if user has 'auth.change_user' of object %}
  not needed as it is integrated with django.contrib.auth permissions 

supports django's builtins
 , limited functionality
Declaration  registry of callables  registration. Each model can be registered with Handler for them , permission classes  permissions are defined by role. , registration  as a method in the same model  Permissions are declared for views. 

via django's permission model: app.change_xyz, app.add_xyz, app.delete_xyz or any custom permissions
 , registration dynamically creates permission models 
permissions are view and function level permissions
 , global permissions in settings and model permission as canonical authYes, by creating a role-agent-entity entry, combined with checking optional model relations.
Assignmentmanager + patched User and Group + shortcut function
+ Admin Integration (with ModelAdmin extension)
irrelevantAdd builtin PermissionLogic subclass or your own PermissionLogic subclass to the target model class.permission classes instances + admin (action) + custom views , utils functionspatched User and GroupmanagerIn the same model as a method which takes the User as argument and returns True or FalsePermissions are not assigned to models.utils functions 

via Models or Django Admin UI
(upcoming: REST api via tastypie)
utils functionspatched User and Group or util functionsuse the provided add_permission backend

from django_generic_permissions.backends import add_permission

add_permission('foo', logged_in_user)
 , complete API and GUIBy creating a Permission record, mapping actions to roles, and defining permission inheritance via relations.
Inheritanceirrelevant  for PermissionLogic class 

Can be achieve with two methods:
a) by register the model with field lookup path from another permissible model (i.e., Content.register_content(ReceiptImage, '%s__image' % Content.get_content_fieldlookup('app.Receipt')), or
b) by sharing the same `trust` between depended / dependent objects
 , from parent container
Logical checks  each model have PermissionHandler for them and has_perm method will be called for paricular model. 

via lambda registered with model (i.e., Content.register_permission_condition(Receipt, 'own', lambda u, p, o: u == o.user))

@permission_required('app.change_receipt:own', fieldlookups_kwargs={'pk': 'pk'})

No, though it's extensible enough to add that easily.
Field level , define it in a object level checker.Objects are assigned to request and they can be compared to other values by attributes or methods.?
Any-to-any  Can be 

Same mechanism as Inheritance
Cascade updateirrelevant  Can beDepends on implementation. 

supports updating of multiple object permissions via `trust` and multiple users via django's `auth.models.Group`
Model-level , integration , own  integrated with django.contrib.auth permissions 

design to be used alongside with Django's builtin auth ModelBackend
 , own  this works independent of Django models intentionally , own and integrated
Search WeightPackageDescriptionLast PyPI release:Repo ForksStars
{{ item.weight / max_weight * 100 | number:0 }}%{{ item.title }}Grid: {{ item.description }} {{ item.last_released | date: 'mediumDate' }} N/A {{ item.repo_forks }} N/A {{ item.repo_watchers }} N/A