Django object-level permissions app I need this quickly (less than 1 week) so it's only appropriate for those with Django experience. (No other language or framework is acceptable.) Task: create a simple Django 1.2 app (Python 2.6.x) with object-level (row-level) permissions. Include web pages for assigning and updating. Permission options: view, edit. Models: - ClientUser: a user profile, created via user_postsave_handler when a user is created. Fields: user (ForeignKey), description. (I will eventually add more fields.) - ClientDocument: the content to protect. Fields: title, body. Create a few sample records for testing (users, ClientUsers, ClientDocuments); include an initial_data fixture so that it loads automatically when I test here. Views & Templates: (outside of Django's /admin/) - show an outline of ClientUsers and their associated ClientDocuments and permissions if user.is_staff: show all ClientUsers else: only show for the logged-in user - show an outline of ClientDocuments and their associated ClientUsers if user.is_staff: show all else: only show ClientDocuments for the logged-in user BUT do include all a list of other ClientUsers who have permissions for that document - provide a simple way for an is_staff user to edit permissions (must be a custom form, not Django's admin) * starting from a ClientUser: add/remove permission for one or more ClientDocuments * starting from a ClientDocument: add/remove permission for one or more ClientUsers For all the above, be sure to distinguish the different permissions (view, edit). The HTML doesn't have to be fancy. Admin: - expose all fields in the "list" view; include all text fields in search; set save_on_top True.
One option (that I have NOT evaluated): django-authority (but I still need a full working sample with web pages). I can also share an existing permissions model from another developer that may or may not be useful. Worth noting (from the Django docs): "To enable object permissions in your own authentication backend you'll just have to allow passing an obj parameter to the permission methods and set the supports_object_permissions class attribute to True." The 'backend' links points to [url removed, login to view] ----- Deliverables: - working code with useful comments - Python (or shell) cmd-line script(s) that reduce installation and build to as few steps as possible. (I have both easy_install and pip.) - HTML and CSS must validate (XHTML transitional is fine; exceptions require approval ... and will probably be granted for clearly-identified CSS extensions) - a README file with any useful notes on installation or customization - all deliverables will be considered a "work made for hire" under U.S. Copyright law. Contractor assigns to buyer exclusive and complete copyrights to all work. If such a transfer is not considered valid in certain jurisdictions or circumstances, contractor assigns exclusive, transferrable, fully-paid, non-revokable, worldwide rights to buyer. ----- General requirements: - every new file must contain "Copyright 2010 by PreFab Software, Inc." Every modified file should contain that text preceeded by "Changes are ". - you may also add your name or nickname - for all code or other material not created from scratch, the source must be identified, and all copyright and license information must be preserved. The following licenses are acceptable: Apache, BSD, new BSD, MIT, Perl artistic, public domain, Python community, Academic Free License, ISC (Internet Systems Corp), w3c license, WTFPL, zlib - prior written permission is required before using code, text, sounds, images, or data with either LGPL or any "Creative Commons" license - absolutely no GPL code, text, sounds, images, or data should be included or even reviewed - absolutely no GFDL text, images, sounds, or data should be included
Django, Python. I will test on Mac and deploy on Linux. Any DB back-end is fine as long as it works here on PostgreSQL. (Django's ORM should hide the details.)