ActionMixin¶
- class djcrud.views.action.ActionMixin[source]¶
Bases:
objectPer-target permission checks for actions (works for both single object and bulk/list actions).
The general view-level permission (based on
permission_shortcode) is checked first viasuper(). Then, for each target returned byget_permission_targets(),has_permission_for_target(target)is called.Target resolution is provided by companion mixins (compose as needed):
ObjectPermissionMixin— for views withself.objectObjectListPermissionMixin— for views withself.object_list
This gives a uniform, straightforward path without special-casing “no object”, private registry lookups, or bare (no-object) permission checks for object-scoped actions. Targets are always provided when relevant.
Most users do nothing. Register rules with
djcrud.permissions.add_perm(or rely on Django permissions). Overridehas_permission_object()only for view-specific extra logic on a concrete target.The old
_has_permission_without_objectbranching and private access have been removed.- has_permission_for_target(target)[source]¶
Whether the action is permitted on this specific target.
Forces the registry check with a real obj=target (so add_perm checks, is_owner, etc. receive proper instances) then the hook.
- has_permission_object(obj)[source]¶
Hook for additional per-object denial after registry checks pass.
obj is always a concrete target (from get_permission_targets via has_permission_for_target). Return False to deny the action for this target.
Example
- def has_permission_object(self, obj):
return obj.name == “mine”