rattail.perms - Rattail permissions system
This module contains helper functions relating to the permissions system.
It also provides a single “collection point” for the various permission definitions. This particular module defines those permissions which are applicable to the Rattail core, but extensions may also define permissions (see Rattail Extensions). All permissions, regardless of where they are defined, may be obtained via the get_all_permissions() function (after rattail.init() has been called, that is).
Adds a permission to a role. role should be a rattail.Role instance; permission may be either a rattail.Permission instance, or the fully-qualified name of one.
Create all currently-defined permissions in the database.
Returns the “Administrator” rattail.Role instance, attached to the given session.
Returns a list of currently-defined rattail.PermissionGroup objects. Each group is fully populated with all defined rattail.Permission objects as well.
Note
These objects are all instantiated directly; i.e. they are not associated with any sqlalchemy.orm.Session unless/until you merge() them yourself. The framework does guarantee their existence in the database, however.
Returns the “(Anybody)” rattail.Role instance, attached to the given session.
Parses a fully-qualified permission name and returns a two-tuple with the corresponding rattail.PermissionGroup and rattail.Permission instances.
Checks the given object_ (which may be either a rattail.User or a rattail.Role) and returns a boolean indicating whether or not the object is allowed the given permission. permission may be either a rattail.Permission instance, or the fully-qualified name of one.
If object_ is None, the permission check is made against the special “(Anybody)” role.
Removes the given permission from the given rattail.Role. permission may be either a rattail.Permission instance, or the fully-qualified name of one.