Permissions

A grid of all packages implementing permissions for users and groups in your Django project.

Please fell free to verify and update features for listed apps or add another app if you know one.

Features currently being evaluated

FeatureDescription
Object-level Support for permissions assigned per object.
Django 1.2 backend See: http://docs.djangoproject.com/en/dev/releases/1.2/#object-level-permissions
.
Decorator Object-level decorator for views.
Logical checks Support for permission checked dynamically, e.g. can view entry no older than
one month.
Database Is a database required? If not, how are permissions stored?
Declaration Do you declare permissions for models? How?
Assignment How do you assign permissions for objects?
Templatetag Permissions checks in templates via tags.
Inheritance Permissions inheritance from related objects.
Roles Support for roles in permissions.
Field level Supports permissions at the field level of models
Cascade update Support for cascade update of related objects, e.g. if added view or change perm
for the product, then add view perm for the product category.
Any-to-any Permissions for any object to any other object.
Model-level Support for model-level perms (either on its own or by seamless integration with
django.contrib.auth permissions).
Package django-guardian rules drf-extensions django-role-permissions dry-rest-permissions django-permission djangorestframework-api-key django-authority DRF Access Policy django-admin-view-permission django-rules django-prbac django-objectpermissions django-rbac django-rulez Django-Access Tabular Permissions Widget carteblanche django-permissionsx django-global-permissions django-extauth django-hats django-hierarchical-auth django-field-permissions django-permission-backend-nonrel Django Debug Permissions django-improved-permissions django-permissions django-trusts django-finegrained-permissions drf-psq django-permissions-auditor giaola-role-permissions django-auth-utils django-rubberstamp serious-django-permissions django_sieve django-acl django-acl django-generic-permissions Django Object Permissions django-custodian django-http-451 Django Permafrost django-flexible-permissions django-bop django-pobject django-simple-perms django-roles
Package django-guardian rules drf-extensions django-role-permissions dry-rest-permissions django-permission djangorestframework-api-key django-authority DRF Access Policy django-admin-view-permission django-rules django-prbac django-objectpermissions django-rbac django-rulez Django-Access Tabular Permissions Widget carteblanche django-permissionsx django-global-permissions django-extauth django-hats django-hierarchical-auth django-field-permissions django-permission-backend-nonrel Django Debug Permissions django-improved-permissions django-permissions django-trusts django-finegrained-permissions drf-psq django-permissions-auditor giaola-role-permissions django-auth-utils django-rubberstamp serious-django-permissions django_sieve django-acl django-acl django-generic-permissions Django Object Permissions django-custodian django-http-451 Django Permafrost django-flexible-permissions django-bop django-pobject django-simple-perms django-roles
Description Per object permissions for
Django
Awesome Django authorization,
without the database
DRF-extensions is a collection
of custom extensions for
Django REST Framework
A django app for role based
permissions.
Rules based permissions for
the Django Rest Framework
[Not maintained] An enhanced
permission system which
support object permission in
Django
🔐 API key permissions for
Django REST Framework
A Django app that provides
generic per-object-permissions
for Django's auth app and
helpers to create custom
permission checks.
Declarative access
policies/permissions modeled
after AWS' IAM policies.
Reusable application which
provides a view permission for
the existing models.
Flexible and scalable Django
authorization backend for
unified per object permission
management
An app to add
object-level/row-level
permissions to users and
groups. Each model can have
different permissions.
Role-based Access Control
(RBAC) implementation for
management of permissions in
Django. Allows a fine-grained
(row level) permission
assignment. Perfect for ...
A lean and mean object-level
rules system for the Django
framework
Django-Access - the
application introducing
dynamic evaluation-based
instance-level (row-level)
access rights control for
Django
Display Django permissions in
a HTML table that is
translatable and easily
customized.
Module to align code with
thoughts of users and
designers. Also magically
handles navigation and
permissio...
PermissionsX - Authorization
for Django
Global permissions for Django Extended authorization
framework for Django,
including field-level
permissions and role-based
permissions
Role-based permissions system
for Django. Everyone wears a
different hat, some people
wear multiple.
Extends django auth allowing
hierarchical permissions
A starting place for
field-level permissions
An authentication backend that
supports Django's user and
group permissions on
Django-nonrel
Get a list of all user
permissions available in the
system
Django application made to
make django's default
permission system more robu...
Django authorization add-on
for multiple organizations and
object-level permission
settings
Permissions per field instead
of per model for django
The simplest and most general
way to manage action-based
permissions, serializers, and
querysets dependent on
permission-based rules for the
Django ...
Tool to audit access control
on your django app.
A django app for role based
permissions.
Django authentication and
authorization utilities
Permissions manager and
backend for Django 1.2,
supporting object permissions
and application-specific
permissions.
A Django extension to define
and use Groups and Permissions
from a central place, per app.
Serve user-wise data
beautifully, minimally and
correctly.
Access Control Lists for
django aka per-row
permissions. Largely inspired
on phpBB's ACL. Support for
roles.
A simple Authentication
Backend to manage specific
permissions.
This is an implementation of
Object Permissions, a.k.a. row
level permissions. Object
Permissions allow you to
assign a permission to ...
The application
django-custodian wrap and
extend django.contrib.auth
module providing a exaustive
and granular approach to
authorizations and permissions
management. It ...
Django implementation for
HTTP451
Adds User Definable
Permissions to Django
A Django app that combines
object-level table permissions
with model relations to avoid
normalization of data while
providing an extremely ...
Basic Object-level Permissions
for django 1.2+
An expressive and concise mini
permission module for Django
views.
Django Roles with
Role-Group-Permission-User
CategoryAppAppAppAppAppFrameworkAppAppOtherAppAppAppAppAppAppAppAppOtherAppAppAppAppAppAppAppAppAppFrameworkAppOtherAppAppOtherAppAppAppAppAppAppAppAppAppAppAppAppAppOtherAppApp
# Using This731866230303300062111001103025100011000001000020111
Python 3?
Development Status Production/Stable Production/Stable Production/Stable Production/Stable Production/Stable Production/Stable Beta Production/Stable Unknown Production/Stable n/a Alpha Unknown Beta Unknown Beta Production/Stable Unknown Production/Stable Pre-Alpha n/a Production/Stable Unknown n/a n/a Beta Unknown Production/Stable Beta Beta Unknown Production/Stable Production/Stable Alpha n/a Unknown Pre-Alpha n/a Unknown Production/Stable Unknown n/a Unknown Pre-Alpha Unknown Beta n/a Unknown Unknown
Last updated Oct. 19, 2020, 8:50 a.m. Jan. 17, 2020, 5:18 a.m. Aug. 11, 2020, 11:09 p.m. July 23, 2020, 2:47 p.m. Jan. 31, 2018, 9:27 a.m. March 4, 2020, 5:19 a.m. Oct. 16, 2020, 6:57 a.m. Feb. 26, 2020, 4:24 a.m. Oct. 11, 2020, 4:28 p.m. Dec. 2, 2018, 4:45 p.m. July 16, 2011, 11:32 a.m. Aug. 24, 2020, 2:36 p.m. Oct. 8, 2010, 7:23 a.m. March 31, 2010, 11:04 p.m. Jan. 13, 2018, 2:04 p.m. April 22, 2020, 3:22 a.m. Sept. 15, 2020, 7:04 a.m. July 3, 2014, 11:51 a.m. Nov. 3, 2017, 8:01 p.m. Oct. 10, 2018, 1:11 p.m. Dec. 10, 2011, 8:42 p.m. July 22, 2019, 9:57 a.m. Jan. 5, 2011, 3:03 p.m. May 1, 2016, 3:25 a.m. April 9, 2011, 4:27 p.m. May 14, 2020, 3:56 a.m. Nov. 27, 2018, 5:56 a.m. June 21, 2015, 12:25 p.m. April 30, 2016, 3:17 a.m. Oct. 6, 2013, 2:36 p.m. Sept. 7, 2020, 4:39 p.m. Sept. 22, 2020, 11:47 a.m. Aug. 28, 2018, 5:42 a.m. Nov. 15, 2017, 5:47 a.m. Oct. 28, 2010, 6:27 p.m. Sept. 25, 2019, 9:21 a.m. June 4, 2014, 3:59 p.m. Aug. 23, 2009, 4:17 p.m. Oct. 8, 2015, 7:49 p.m. Jan. 9, 2013, 10:47 p.m. June 6, 2013, 6:33 p.m. Nov. 10, 2011, 7:31 p.m. Nov. 3, 2018, 5:13 a.m. Aug. 20, 2020, 6:43 p.m. Dec. 10, 2015, 9:21 p.m. Oct. 20, 2011, 9:16 a.m. March 4, 2011, 11:24 a.m. Jan. 10, 2019, 3:22 p.m. Jan. 28, 2015, 4:04 p.m.
Version2.3.02.20.6.03.1.00.1.101.0.52.0.00.140.8.11.9n/a1.0.10.3.30.91.0.2n/a2.81.0.02.0.00.2.4n/a1.1.21.4.6n/an/a1.0.00.2.21.2.20.10.30.0.11.0.01.0.11.2.00.1.1n/a0.141.0.0n/a0.1.30.1.01.4.6n/a0.10.2.01.0.70.3n/a0.2.80.0.4
RepoGithubGithubGithubGithubGithubGithubGithubGithubGithubGithubGithubGithubGithubBitbucketGithubGithubGithubGithubGithubGithubBitbucketGithubGithubGithubBitbucketGithubGithubGithubGithubGithubGithubGithubGithubGithubGithubGithubGithubBitbucketGithubGithubGithubBitbucketGithubGithubGithubGithubBitbucketBitbucketGithub
Commits
Stars2770114610764233473032302201571481479686656345434139292121201916151413131110877765554433332222
Repo Forks503931799854453953164111328417282472n/a714n/a111222n/an/an/an/an/an/a12112n/a1n/a1n/an/an/an/a
Participantslukaszb
brianmay
ad-m
michael-k
bsvetchine
johnthagen
mitar
ggreer
troygrosfield
xordoquy
more...
dfunckt
dyve
efficiosoft
ticosax
mlsen
thedrow
orf
pjsier
danlamanna
jacobh
more...
auvipy
chibisov
pratyushmittal
rpkilby
OskarPersson
maryokhin
alexander-akhmetov
codingjoe
joehybird
tuky
more...
filipeximenes
powderflask
kavdev
iurisilvio
reduxionist
fjsj
amandasavluchinske
andersonresende
victorgutemberg
aarcro
more...
dbkaplan
AlexandreCollet
mbaragiola
ttill
wernerhp
abeniwal
GerardPaligot
marctc
vovanbo
artragis
lambdalisue
giginet
quasiyoke
LuRsT
argsno
oskarjakiela
philippeowagner
Simanas
timgates42
AmbientLighter
more...
florimondmanca
biancaG
guilleijo
jaswanthm
jeancochrane
tony
UtkucanBykl
jezdez
jlward
bartTC
winhamwr
bocribbz
gthb
safwanrahman
remik
diegobz
RDIL
more...
rsinger86
oguzhancelikarslan
dependabot[bot]
JT501
greenled
KillianMeersman
sarthikg
filwaline
hardntrash
lefterisnik
Anton-Shutik
awgreenblatt
michi88
pieterdd
ciarancourtney
kapucko
lanterno
crazyscientist
pinerojuancruz
more...
maraujop
jjmaestro
millerdev
kennknowles
czue
dannyroberts
biyeun
GertBurger
NoahCarnahan
ArtemBernatskyy
nickpell
snopoke
more...
justquick
jazzido
bhuztez
nabucosoundchrisglass
maraujop
jjmaestro
stefanfoulis
nigma
juandecarrion
mitchellrj
amites
bashu
DanLipsitt
more...
nnsevaRamezIssac
ihabhussein
abahnihi
vintage
neuman
lightstrike
robpogorzelski
adi-
eduardo-matos
perdy
mhall119miketheredherringrascatilivfhahntimonwebgabrielbiasidiefenbachthomasyip
core2duo
suhailvs
specialunderwear
PetrDlouhy
AminHP
salarnasiri
kluchrjfilipeximenes
g20ready
dimkl
reduxionist
fjsj
andersonresende
victorgutemberg
aarcro
jamespenick
myonov
more...
PiDelportpaltmancobalamin
seblat
LilithWittmann
tyriongarrypolleybramwelt
MostAwesomeDude
bsu
Kennric
chancez
fabiomichelinirenderbox
devo-wm
staabpterkphuihockhespulcenkbircanoglu
Documentation N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A
Object-level , In conjunction with django-guardian since `Groups` can be used.  ✅ ✅

django-trusts always works as an annexation; all features require *no* patched class of any sort, works with all existing builtin auth features: authorization, permission, group, contenttypes; option to use junction table mechanism: no moditication to any existing model.
Django 1.2 backend
Decorator  Works as class/method/functional decorator.  This package operates on view level. 

Implemented: @permission_required('app.read_project', fieldlookups_kwargs={'pk': 'project_id'})
  django.contrib.auth.decorators.permission_required
Logical checks  each model have PermissionHandler for them and has_perm method will be called for paricular model. 

via lambda registered with model (i.e., Content.register_permission_condition(Receipt, 'own', lambda u, p, o: u == o.user))

@permission_required('app.change_receipt:own', fieldlookups_kwargs={'pk': 'pk'})

No, though it's extensible enough to add that easily.
Database  registry of callables  it use 'Logic' based permission system which is completely different from general permission system. 

implementation optimized to reduce db hits per http request
 
only logical check
Declaration  registry of callables  permissions are defined by role.  registration. Each model can be registered with Handler for them , permission classes , registration  as a method in the same model  Permissions are declared for views. , Role class inheritance , using the same method as auth Django system. 

via django's permission model: app.change_xyz, app.add_xyz, app.delete_xyz or any custom permissions
 
permissions are view and function level permissions
 , registration dynamically creates permission models , global permissions in settings and model permission as canonical authYes, by creating a role-agent-entity entry, combined with checking optional model relations. , declaration in a perms.py file in app
Assignmentmanager + patched User and Group + shortcut function
+ Admin Integration (with ModelAdmin extension)
irrelevant , utils functionsAdd builtin PermissionLogic subclass or your own PermissionLogic subclass to the target model class.permission classes instances + admin (action) + custom viewspatched User and GroupmanagerIn the same model as a method which takes the User as argument and returns True or FalsePermissions are not assigned to models.  using shortcuts functions and mixins for Users and Objectsutils functions 

via Models or Django Admin UI
(upcoming: REST api via tastypie)
utils functionsuse the provided add_permission backend

from django_generic_permissions.backends import add_permission

add_permission('foo', logged_in_user)
patched User and Group or util functions , complete API and GUIBy creating a Permission record, mapping actions to roles, and defining permission inheritance via relations.logical only (code executed on object to determine permission)
Templatetag  You can use like {% if user has 'auth.change_user' of object %}
  not needed as it is integrated with django.contrib.auth permissions , has_perm 

supports django's builtins
 , limited functionality
Inheritanceirrelevant  for PermissionLogic class , full inheritance defining the "parents" of the model. 

Can be achieve with two methods:
a) by register the model with field lookup path from another permissible model (i.e., Content.register_content(ReceiptImage, '%s__image' % Content.get_content_fieldlookup('app.Receipt')), or
b) by sharing the same `trust` between depended / dependent objects
 , from parent container
Rolesirrelevant  if you add a PermissionLogic class like http://bit.ly/1z22IGl , is actually required to have roles. 

Role is specified in model's meta and management commands updates db entires and makes it available for permission check
 , assimilated by groups
Field level , define it in a object level checker.Objects are assigned to request and they can be compared to other values by attributes or methods.?
Cascade updateirrelevant  Can beDepends on implementation. , the inheritance system also handle this behavior. 

supports updating of multiple object permissions via `trust` and multiple users via django's `auth.models.Group`
Any-to-any  Can be , only User-to-any 

Same mechanism as Inheritance
Model-level , integration , own  integrated with django.contrib.auth permissions , using role classes with models=ALL_MODELS 

design to be used alongside with Django's builtin auth ModelBackend
 , own  this works independent of Django models intentionally , own and integrated
Search WeightPackageDescriptionLast PyPI release:Repo ForksStars
{{ item.weight / max_weight * 100 | number:0 }}%{{ item.title }}Grid: {{ item.description }} {{ item.last_released | date: 'mediumDate' }} N/A {{ item.repo_forks }} N/A {{ item.repo_watchers }} N/A