ViewFlow and django-guardian

问题

I want to make use of django-guardian's object permissions and grant specific rights for specific users to one or more Django users.

I have tried to add some permissions to my Process class like this:

class TestProcess(Process):
    title = models.CharField(max_length=64)

    something = models.ForeignKey(ForInheritage, null=True, on_delete=models.CASCADE)
    no_approval = models.BooleanField(default=False)
    approved = models.BooleanField(default=False)

    def something_is_approved(self):
        try:
            return self.something.approved
        except:
            return None

    class Meta:
        permissions = (
            ('view_process', 'View Process'),
        )

Unfortunately this causes viewflow to immediately throw an error after starting runserver:

File "/home/me/.virtualenvs/viewflow3/lib/python3.4/site-packages/viewflow/mixins.py", line 253, in ready
    self.flow_class.process_class._meta.permissions.append(
AttributeError: 'tuple' object has no attribute 'append'

My initial plan was to subclass Start and View flow classes to change how the Permission function, that is inherited from the PermissionMixin, works. But this seems to be more work than just this, too.

django-guardian is already mentioned in one of the cookbook sections here but currently leads to a 404 page.

What would be the recommended/cleanest way to use guardian permissions on Processes and Tasks?

回答1:

Your specific problem happens b/c you specify permissions like a tuple, try list instead

class Meta:
    permissions = [
        ('view_process', 'View Process'),
    ]

Viewflow already adds the 'view' and 'manage' permissions so you can reuse them.

But further restriction per-process view permissions on the object level with django-guardian is not very practical. On each new process creation, in a start view, you will have to grant view permission to all process participant. That leads to hudge permission table grows and slow down the permissions lookup.

The reasonable use case for the object-level permission could be something like to restrict user access to a task based on a user department, for example.

deliver = flow.View(
    views.deliver
).Permission(
    'parcel.land_on_planet',
    obj=lambda process: process.department
).Next(this.report)

来源：https://stackoverflow.com/questions/42366130/viewflow-and-django-guardian