Sith/README.md

55 lines
2.1 KiB
Markdown
Raw Normal View History

2015-11-19 07:47:24 +00:00
## Sith AE
2015-11-19 07:45:21 +00:00
2016-01-29 15:29:24 +00:00
### Get started
2015-11-19 07:45:21 +00:00
To start working on the project, just run the following commands:
git clone https://ae-dev.utbm.fr/ae/Sith.git
cd Sith
virtualenv --clear --python=python3 env
2016-07-28 11:02:10 +00:00
source env/bin/activate
pip install -r requirements.txt
2015-12-04 15:13:20 +00:00
./manage.py setup
2015-11-19 07:45:21 +00:00
2016-01-29 15:29:24 +00:00
To start the simple development server, just run `python3 manage.py runserver`
2015-11-24 09:55:15 +00:00
2016-01-29 15:29:24 +00:00
### Generating documentation
2015-11-24 09:55:15 +00:00
2016-01-29 15:29:24 +00:00
There is a Doxyfile at the root of the project, meaning that if you have Doxygen, you can run `doxygen Doxyfile` to
generate a complete HTML documentation that will be available in the *./doc/html/* folder.
2015-11-19 07:45:21 +00:00
2016-01-29 15:29:24 +00:00
### Dependencies:
2016-02-05 15:59:42 +00:00
See requirements.txt
2016-01-29 15:29:24 +00:00
2016-07-28 11:02:10 +00:00
You may need to install some dev libraries like `libssl-dev`, `libjpeg-dev`, or `zlib1g-dev` to install all the
requiered dependancies with pip.
2016-01-29 15:29:24 +00:00
The development is done with sqlite, but it is advised to set a more robust DBMS for production (Postgresql for example)
2015-11-19 07:45:21 +00:00
2016-02-05 15:59:42 +00:00
### Misc about development
#### Controlling the rights
When you need to protect an object, there are three levels:
* Editing the object properties
* Editing the object various values
* Viewing the object
Now you have many solutions in your model:
* You can define a `is_owned_by(self, user)`, a `can_be_edited_by(self, user)`, and/or a `can_be_viewed_by(self, user)`
method, each returning True is the user passed can edit/view the object, False otherwise.
This allows you to make complex request when the group solution is not powerful enough.
It's useful too when you want to define class-wide permissions, e.g. the club members, that are viewable only for
Subscribers.
* You can add an `owner_group` field, as a ForeignKey to Group. Second is an `edit_groups` field, as a ManyToMany to
Group, and third is a `view_groups`, same as for edit.
Finally, when building a class based view, which is highly advised, you just have to inherit it from CanEditPropMixin,
CanEditMixin, or CanViewMixin, which are located in core.views. Your view will then be protected using either the
appropriate group fields, or the right method to check user permissions.