How to make group permissions work in Django-nonrel for Google App Engine

Question

I'm trying to get role-based permissions working for django-nonrel for GAE.

Out of the box, it didn't seem to work, probably because of the implicit many-to-many relationship between Users and Groups, so I found and installed http://www.fhahn.com/writing/Django-s-Permission-System-with-Django-Nonrel. Per the documentation, I added permission_backend_nonrel to INSTALLED_APPS (after djangotoolbox), and defined AUTHENTICATION_BACKENDS to the appropriate class in settings.py.

This gets me past the earlier problem ("DatabaseError: This query is not supported by the database."), but I'm still stuck because when I run a very simple sample, I get an empty set of permissions when I believe I should be getting something back. The below is about as simple an example as I could make. It's launched in the django framework by python manage.py shell - it's a simple pony shop. I'm trying to add a user to a group, give that group permissions, and then see those permissions reflected as part of the set of permissions the user has:

>>> from django.contrib.auth.models import Group, Permission, User
>>> from django.contrib.contenttypes.models import ContentType
>>> from pony_shop.models import Pony

#Create the group:
>>> farmers = Group(name="Farmers")
>>> farmers.save()

>>> pony_ct = ContentType.objects.get(app_label='pony_shop', model='pony')

#Create the Permission
>>> can_twirl = Permission(name='Can Twirl', codename='can_twirl', content_type=pony_ct)
>>> can_twirl.save()

#Give the Permission to the Group
>>> farmers.permissions.add(can_twirl)
>>> farmers.save()

#Create the User
>>> francis = User(username='francis')
>>> francis.save()

#Put the user in the group
>>> francis.groups.add(farmers)
>>> francis.save()

#Get a pony object
>>> firefly = Pony(price=12, height=3, name='Firefly', color='fuscia')
>>> firefly.save()

>>> francis.get_all_permissions()
set([]) #<-- WHY?!?

#Just in case I needed to check the permissions against a pony object:
>>> francis.get_all_permissions(obj=firefly)
set([]) #<-- Still no joy

So, the question is: Why doesn't the above work, and what do I need to change to make it work?

Thanks in advance for your help!

Answer 1

Thanks to a colleague, I got the answer to this. Apparently, I needed to not use the built-in group/permission adds. Instead, use the utility class that comes with *permission_backend_nonrel*

>>>from permission_backend_nonrel import utils
>>>utils.add_permission_to_group(can_twirl,farmers)
>>>utils.add_user_to_group(francis,farmers)

Then, it works.

Answer 2

Oh, as an update, here is where the new code base is : https://github.com/django-nonrel/django-permission-backend-nonrel

And the instructions are included there too :-)

Answer 3

To check if an user are in a group I use the next function:

from django.contrib.auth.models import User, Group
from permission_backend_nonrel.models import UserPermissionList

def UserInGroup(User, groupName):
    group = Group.objects.get(name=groupName)
    up = UserPermissionList.objects.filter(user = User)
    try:
        return True if unicode(group.id) in up[0].group_fk_list else False
    except:
        return False