A few weeks ago, I stepped into this app, not to be confused with the almost omonymous "django-permission" (without the "s"); it simplicity and neatness impressed me.
But permissions are granted to roles (and through them to users or groups) only for specific content objects: in the Home»Permissions»Object section of the Admin interface, you cannot add an ObjectPermission object without specifying the content_id besides the content_type id.
By inspecting the code, it seems easy to associate permissions to roles in a more "global" way, that is for content types.
I tried a small patch: it works and till now didn't cause side-effects.
Here are the patches:
models.py, class ObjectPermission
- content_id = models.PositiveIntegerField(verbose_name=_(u"Content id"))
+ content_id = models.PositiveIntegerField(verbose_name=_(u"Content id"), blank=True, null=True)
- content = generic.GenericForeignKey(ct_field="content_type", fk_field="content_id")
utils.py, def def has_permission; add the following code just after the while statement
p = ObjectPermission.objects.filter(
content_type=ctype, content_id__isnull=True, role__in=roles, permission__codename=codename).values("id")
if len(p) > 0:
result = True
break
Being the app already installed and synced, I had also to tweak the schema of the database in order to remove the contraints on the content_id field of the permissions_objectpermission table.
NOTE:
I'm not forking the code, among other things, since for a name conflict I was forced to rename the app.
Moreover, as stated in another issue, I had to make, in the util module, function get_roles, another patch in code that I don't understand fully.