Permissions¶

The drf_corekit.permissions module provides reusable permission utilities and focuses on composable building blocks rather than app specific roles.

Role Based Permissions¶

`RolePermission`¶

from drf_corekit.permissions import RolePermission

Generic role based permission checker.

Supports simple attribute based authorization using:

is_staff
is_superuser
user_type (optional)

Behavior¶

This permission:

Verifies authentication
Checks configured role constraints

This permission does NOT:

Handle object ownership
Define application specific roles

Configuration¶

Subclasses define constraints:

class IsStaff(RolePermission):
    require_staff = True

class IsSuperuser(RolePermission):
    require_superuser = True

class IsUserType(RolePermission):
    require_user_type = 1

Role Composition¶

`RolesOrReadOnly`¶

from drf_corekit.permissions import RolesOrReadOnly

Allows unrestricted read access, but restricts unsafe methods to configured roles.

class AdminOrReadOnly(RolesOrReadOnly):
    role_permission_classes = [IsAdmin]

Behavior¶

Method	Access
`GET`, `HEAD`, `OPTIONS`	Allowed for everyone
`POST`, `PUT`, `DELETE`	Requires at least one role permission

Ownership Permissions¶

`OwnershipPermission`¶

from drf_corekit.permissions import OwnershipPermission

Generic object level permission based on ownership rules.

Features

Attribute based ownership (ownership_attr="owner")
Callable based ownership resolution
Optional admin bypass via injected checker

Examples¶

class IsOwner(OwnershipPermission):
    ownership_attr = "owner"

class IsOwnerOrAdmin(OwnershipPermission):
    ownership_attr = "owner"
    allow_admin_bypass = True
    admin_checker = lambda u: u.is_superuser

Behavior¶

This permission:

Checks object ownership
Supports optional admin bypass
Does NOT depend on user profile structure

Action Based Permissions¶

`ActionRolePermission`¶

from drf_corekit.permissions import ActionRolePermission

Maps DRF ViewSet actions to permission classes.

Example¶

class MyPermissions(ActionRolePermission):
    ACTION_ROLE_MAP = {
        "list": [IsAdmin],
        "create": [IsAdmin],
        "retrieve": [IsOwner, IsAdmin],
    }

Behavior¶

Selects permissions based on view.action
Grants access if ANY mapped permission allows it
Supports both permission level and object level checks

Permissions¶

Role Based Permissions¶

RolePermission¶

Behavior¶

Configuration¶

Role Composition¶

RolesOrReadOnly¶

Behavior¶

Ownership Permissions¶

OwnershipPermission¶

Examples¶

Behavior¶

Action Based Permissions¶

ActionRolePermission¶

Example¶

Behavior¶

`RolePermission`¶

`RolesOrReadOnly`¶

`OwnershipPermission`¶

`ActionRolePermission`¶