Comments (5)
I agree it's more "Pythonic" to raise an exception and I have unfortunately no recollection why I made the switch to None. I don't think it's sensible to revert back to the old behaviour as it is a breaking change however I'm willing to be convinced otherwise if others feel the change makes sense.
from django-rules.
Ah, I see you have this note in the README, which I apparently missed:
You may skip evaluation by returning None from your predicate
So I guess this is by design! Conditionals like the one I described above return obj and obj.boolean_field
are dangerous then (though this wasn't known/obvious to me), since they're falsey on their own but skipped in combined predicates. (And None
is falsey in other Python contexts, of course, so I wouldn't have assumed this behavior.) For instance, setting the following will result in "read"
returning "no permission" if the sometimes_returns_none
predicate returns None
, but "add"
returning "has permission" if the user is staff (even if sometimes_returns_none
has returned None
):
rules_permissions = {
"read": sometimes_returns_none,
"add": rules.is_staff & sometimes_returns_none,
}
I'll leave this open for now for any discussion. Thanks again.
from django-rules.
It may be worth at least moving "Skipping predicates" up to the "Combining predicates" portion of the doc so it's more discoverable, since it's important in that context (rather than it being under "Advanced features").
from django-rules.
I think a truth table for all possible combinations of operations and return values close to the "Combining predicates" section would be very useful.
from django-rules.
Yeah, that could be useful. I also noticed in the "Upgrading from 1.x" section of the docs, it mentions that skipping used to be done with raising a SkipPredicate
exception. That more explicit approach seems significantly more preferable/safer to me, particularly for a security-oriented library, where a mistake in allowing access can be rather severe. (And then all truthy/falsey conditions can behave more in line with what's typical in python.)
from django-rules.
Related Issues (20)
- Equivalant of `rules.add_perm('model', rules.always_allow)` in model.Meta.rules_permissions HOT 1
- Many reader of an object HOT 3
- is this repository receiving updates? HOT 1
- Are the predicates defined on a model called automatically?
- 'permission_required' fails on anonymous view callbacks HOT 5
- Pass Payload into Predicate for POST HOT 2
- Django Rules with Non Auth User Model
- Support Django 4.0 HOT 5
- Alternative to `RulesModelBase` in DRF to manage dependency on this library. HOT 8
- Remove Python 2 code
- Django: how does one know which permission failed on a particular request? HOT 1
- Django rules with abstract base class throw error after addition
- Predicate parameters HOT 2
- How do you map predicates to objects and/or users? HOT 1
- AttributeError: 'NoneType' when trying to access the admin panel view list HOT 1
- Passing the view's request or extra arguments to a predicate.
- Consider cutting a new release? HOT 7
- Error: displaying objects even the user hasn't the correct permissions.
- How to correctly use asymetric mixed permissions?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-rules.