Statement Elements
JSON policies are made up of elements that together determine who can do what with your application and under what conditions.
principal
Description | Should match the user of the current request by identifying a group they belong to or their user ID. |
Special Values |
|
Type | Union[str, List[str]] |
Formats |
|
Examples |
|
action
Description |
The action or actions that the statement applies to. The value should match the name of a view set method or the name of the view function. Alternatively, you can use placeholders to match the current request's HTTP method. |
Type | Union[str, List[str]] |
Special Values |
|
Examples |
|
effect
Description |
Whether the statement, if it is in effect, should allow or deny access. All access is denied by default, so use deny when you'd like to override an allow statement that will also be in effect.
|
Type | str |
Values |
|
condition
Description |
The name of a method on the policy that returns a boolean. If you want to pass a custom argument to the condition's method, format the value as {method_name}:{value}, e.g. user_must_be:owner will call a method named user_must_be, passing it the string "owner" as the final argument.
The method signature is condition(request, view, action: str, custom_arg: str=None). If it returns True, the statement will be in effect.
Useful for enforcing object-level permissions. If a list of conditions is given, all conditions must evaluate to True.
|
Type | Union[str, List[str]] |
Examples |
|
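The following is an added sketch, not the library's own code: a small stand-alone evaluator that models how the condition and effect elements described above combine ({method_name}:{value} arguments, all listed conditions required, deny by default, deny overriding allow). The SketchPolicy class, the request.principals attribute, the "editors" principal label and the article object are constructed for illustration, and failing closed on an unknown condition name is an assumption of the sketch.

```python
from types import SimpleNamespace

def _as_list(value):  # statement elements are Union[str, List[str]]
    return [value] if isinstance(value, str) else list(value)

class SketchPolicy:
    """Model of the statement semantics described above; not the library's code."""

    def _condition_holds(self, spec, request, view, action):
        # "{method_name}:{value}" passes value as the final argument.
        name, sep, arg = spec.partition(":")
        method = getattr(self, name, None)
        if name.startswith("_") or not callable(method):
            return False  # unknown condition fails closed (sketch assumption)
        result = method(request, view, action, arg) if sep else method(request, view, action)
        return result is True

    def is_allowed(self, request, view, action):
        effects = set()
        for st in self.statements:
            if not set(_as_list(st["principal"])) & request.principals:
                continue
            if action not in _as_list(st["action"]):
                continue
            conditions = _as_list(st.get("condition", []))
            if all(self._condition_holds(c, request, view, action) for c in conditions):
                effects.add(st["effect"])
        # Denied by default; a deny in effect overrides any allow in effect.
        return "allow" in effects and "deny" not in effects

class ArticlePolicy(SketchPolicy):
    statements = [  # constructed sample statements
        {"principal": "editors", "action": ["update", "destroy"], "effect": "allow",
         "condition": ["user_must_be:owner", "is_unlocked"]},
        {"principal": "editors", "action": "destroy", "effect": "deny",
         "condition": "is_published"},
    ]

    def user_must_be(self, request, view, action, field):
        return getattr(view.obj, field) == request.user_id
    def is_unlocked(self, request, view, action):
        return not view.obj.locked
    def is_published(self, request, view, action):
        return view.obj.published

def check(user_id, action, owner, locked=False, published=False):
    # Constructed stand-ins for the request and the view's target object.
    request = SimpleNamespace(user_id=user_id, principals={"editors"})
    view = SimpleNamespace(obj=SimpleNamespace(owner=owner, locked=locked, published=published))
    return ArticlePolicy().is_allowed(request, view, action)
```

In this sketch an owner can update an unlocked article, but a published article cannot be destroyed even by its owner, because the deny statement is also in effect.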
condition_expression
Description |
Same as the condition element, but with added support for evaluating boolean combinations of policy methods. The expressions follow Python's boolean syntax.
The method signature is condition(request, view, action: str, custom_arg: str=None). If it returns True, the statement will be in effect.
|
Type | Union[str, List[str]] |
Examples |
|