ActionMixin

class djcrud.views.action.ActionMixin[source]

Bases: object

Per-target permission checks for actions (works for both single object and bulk/list actions).

The general view-level permission (based on permission_shortcode) is checked first via super(). Then, for each target returned by get_permission_targets(), has_permission_for_target(target) is called.

Target resolution is provided by companion mixins (compose as needed):

  • ObjectPermissionMixin — for views with self.object

  • ObjectListPermissionMixin — for views with self.object_list

This gives a uniform, straightforward path without special-casing “no object”, private registry lookups, or bare (no-object) permission checks for object-scoped actions. Targets are always provided when relevant.

Most users do nothing. Register rules with djcrud.permissions.add_perm (or rely on Django permissions). Override has_permission_object() only for view-specific extra logic on a concrete target.

The old _has_permission_without_object branching and private access have been removed.

has_permission()[source]

General permission + per-target checks for the action’s targets.

has_permission_for_target(target)[source]

Whether the action is permitted on this specific target.

Forces the registry check with a real obj=target (so add_perm checks, is_owner, etc. receive proper instances) then the hook.

has_permission_object(obj)[source]

Hook for additional per-object denial after registry checks pass.

obj is always a concrete target (from get_permission_targets via has_permission_for_target). Return False to deny the action for this target.

Example

def has_permission_object(self, obj):

return obj.name == “mine”