Back to tuple style syntax for permission required decorator.

example/exampleapp/views.py

@@ -3,10 +3,11 @@ from django.contrib.flatpages.models import FlatPage
 
 from authority.decorators import permission_required, permission_required_or_403
 
-# @permission_required_or_403('flatpage_permission.top_secret', { # use this to return a 403 page
-#     'url': (FlatPage, 'url__contains'), 'lala': (FlatPage, 'url__contains')})
-@permission_required('flatpage_permission.top_secret', {
-    'url': (FlatPage, 'url__contains'), 'lala': (FlatPage, 'url__contains')})
+@permission_required_or_403('flatpage_permission.top_secret', # use this to return a 403 page
+    (FlatPage, 'url__contains', 'url'), (FlatPage, 'url__contains', 'lala'))
+# @permission_required('flatpage_permission.top_secret',
+#     (FlatPage, 'url__contains', 'url'), (FlatPage, 'url__contains', 'lala'))
+#@permission_required_or_403('flatpages.add_flatpage')
 def top_secret(request, url, lala=None):
     """
     A wrapping view that performs the permission check given in the decorator

src/authority/decorators.py

@@ -12,25 +12,24 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
 from authority import permissions
 from authority.views import permission_denied
 
-def permission_required(perm, lookup_params=None, login_url=None,
-        redirect_field_name=REDIRECT_FIELD_NAME, redirect_to_login=True):
+def permission_required(perm, *model_lookups, **kwargs):
     """
     Decorator for views that checks whether a user has a particular permission
     enabled, redirecting to the log-in page if necessary.
     """
-    if lookup_params is None:
-        lookup_params = {}
-    if login_url is None:
-        login_url = settings.LOGIN_URL
+    login_url = kwargs.pop('login_url', settings.LOGIN_URL)
+    redirect_field_name = kwargs.pop('redirect_field_name', REDIRECT_FIELD_NAME)
+    redirect_to_login = kwargs.pop('redirect_to_login', True)
     def decorate(view_func):
         def decorated(request, *args, **kwargs):
             objs = []
             if request.user.is_authenticated():
-                for name, value in kwargs.items():
-                    lookup_param = lookup_params.get(name, None)
-                    if None in (value, lookup_param):
+                for model, lookup, varname in model_lookups:
+                    if varname not in kwargs:
+                        continue
+                    value = kwargs.get(varname, None)
+                    if value is None:
                         continue
-                    model, lookup = lookup_param
                     if isinstance(model, basestring):
                         model_class = get_model(*model.split("."))
                     else:
@@ -44,7 +43,10 @@ def permission_required(perm, lookup_params=None, login_url=None,
                             'The argument %s needs to be a model.' % model)
                     objs.append(get_object_or_404(model_class, **{lookup: value}))
                 check = permissions.registry.get_check(request.user, perm)
-                if (check and check(*objs)) or request.user.has_perm(perm):
+                granted = False
+                if check is not None:
+                    granted = check(*objs)
+                if granted or request.user.has_perm(perm):
                     return view_func(request, *args, **kwargs)
             if redirect_to_login:
                 path = urlquote(request.get_full_path())

src/authority/permissions.py

@@ -122,10 +122,6 @@ class PermissionMetaclass(type):
 class BasePermission(object):
     """
     Base Permission class to be used to define app permissions.
-
-    check = MyPermission(request.user)
-    if check.can("change", obj):
-
     """
     __metaclass__ = PermissionMetaclass