Welcome to django-permissionsx’s documentation!

Introduction

django-permissionsx is an alternative to Django permissions system. The main difference is that this package does not store authorization logic in database, but instead allows defining permissions on the view level using concise syntax (similar to complex lookups using Q) and performs authorization checks against HttpRequest object. You could think of it as a wrapper around common patterns such as @login_required decorator or checking request.user.is_authenticated().

You will find that defining permissions is similar to filtering QuerySets and complex lookups with Q objects. For example:

P(user__is_authenticated=True) & P(P(user__is_staff=True) | P(user__is_superuser=True))

means that the user will be granted access if is logged in and is either a staff member, or a superuser.

The goal of this project is to make authorization related code as much reusable and consistent as possible. Therefore, permissions can be easily used for multiple views, inherited, used in templates or for building mobile API using django-tastypie.