Skip to main content
Warning: You are using the test version of PyPI. This is a pre-production deployment of Warehouse. Changes made here affect the production instance of TestPyPI (
Help us improve Python packaging - Donate today!

Parameterizes Django REST Framework methods over user-defined roles

Project Description

Simplifies `Role Based Access Control`_ in `django-rest-framework`_.

Why would I use this?

You have more than one type of user in your data model and you have
business logic that diverges depending on the type of user. You do not
want to organize your API by role because that is not very RESTful. You
do not want to manually type out a lot of conditional branching around
user roles.

Modeling Requirements

- You must have one **Group** for each role
- A **User** cannot belong to more than one of the **Groups**
corresponding to each role


.. code:: bash

$ pip install drf-roles


- ``VIEWSET_METHOD_REGISTRY`` A tuple of DRF methods to override.
Defaults to:

.. code:: python


- ``ROLE_GROUPS`` A tuple of Group names that correspond 1-to-1 with
user roles. Defaults to:

.. code:: python

[ for group in Group.objects.all()]


Add the mixin to any ViewSet:

.. code:: python

from drf_roles import RoleViewSetMixin

class MyViewSet(RoleViewSetMixin, ModelViewSet):
# ...

For each of the methods specified in ``VIEWSET_METHOD_REGISTRY`` a
role-scoped method will be generated on your ViewSet.


For example, let’s say you have three groups named *Takers*, *Leavers* &
*Gods*. Let’s also say you included ``"get_queryset"`` in the

When a *Taker* user hits an endpont on the ViewSet, the call to
``get_queryset`` will be rerouted to a call to

When a *Leaver* user hits an endpont on the ViewSet, the call to
``get_queryset`` will be rerouted to a call to

When a *God* user hits an endpont on the ViewSet, the call to
``get_queryset`` will be rerouted to a call to

You can implement each of these methods on your ViewSet to return a
different queryset for each type of user.

Not Parameterizing

You can also *not* implement one or more of these methods, in which case
the default call will be executed. For example, with our same set of
groups and with ``"get_serializer_class"`` included in the role
registry, let’s say you did not implement
``get_serializer_class_for_takers``. When a *Taker* user hits an
endpoint on the ViewSet, the default implementation of
``get_serializer_class`` will be executed and return

In this case, you would want to be sre that you have a
\`\ ``serializer_class`` defined on your ViewSet! Otherwise Django REST
Framework will complain. It is a good idea to always define a default
``queryset`` and ``serializer_class`` with least privilege (e.g:


- Some projects require even further parameterization. For example, you may need
to use a different `serializer_class` depending on the user's *role* **and**
the *request method*.

- There may be a more pleasant way to express the parameterization in code. For
example, it may be more pleasing to use nested classes instead of renaming the

.. _Role Based Access Control:
.. _django-rest-framework:
Release History

Release History

This version
History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
django-rest-framework-roles-0.2.tar.gz (4.5 kB) Copy SHA256 Checksum SHA256 Source Aug 17, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting