or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

access-control.mdconfiguration.mddjango-signals.mdfile-operations.mdindex.mdstorage-backends.mdtemplate-integration.mdtranslation-services.mdweb-interface.md

access-control.mddocs/

0
# Access Control and Permissions
1


2
Configurable permission system controlling who can access translation features, with support for user groups, language-specific permissions, and custom access control functions. The system integrates with Django's authentication framework while providing translation-specific authorization.
3


4
## Capabilities
5


6
### User Permission Checking
7


8
Core functions for determining user access to Rosetta functionality.
9


10
```python { .api }
11
def can_translate(user) -> bool:
12
    """
13
    Check if user can access Rosetta translation interface.
14
    
15
    Uses configured access control function to determine permissions.
16
    Default behavior checks for superuser, staff status, or membership
17
    in 'translators' group.
18
    
19
    Parameters:
20
    - user: Django User instance
21
    
22
    Returns:
23
    Boolean indicating translation access permission
24
    """
25


26
def can_translate_language(user, langid: str) -> bool:
27
    """
28
    Check if user can translate specific language.
29
    
30
    Supports language-specific permission control when
31
    ROSETTA_LANGUAGE_GROUPS setting is configured.
32
    
33
    Parameters:
34
    - user: Django User instance  
35
    - langid: Language code (e.g., 'en', 'fr', 'de')
36
    
37
    Returns:
38
    Boolean indicating permission for specific language
39
    """
40
```
41


42
### Access Control Configuration
43


44
Functions for managing and retrieving access control configuration.
45


46
```python { .api }
47
def get_access_control_function():
48
    """
49
    Get configured access control predicate function.
50
    
51
    Retrieves function specified by ROSETTA_ACCESS_CONTROL_FUNCTION
52
    setting, or returns default implementation.
53
    
54
    Returns:
55
    Callable that takes User instance and returns boolean
56
    """
57


58
def is_superuser_staff_or_in_translators_group(user) -> bool:
59
    """
60
    Default access control implementation.
61
    
62
    Grants access to users who are:
63
    - Superusers
64
    - Staff members  
65
    - Members of 'translators' group
66
    
67
    Parameters:
68
    - user: Django User instance
69
    
70
    Returns:
71
    Boolean indicating access permission
72
    """
73
```
74


75
## Configuration Options
76


77
Access control behavior is configured through Django settings:
78


79
```python { .api }
80
# Settings affecting access control
81
ROSETTA_ACCESS_CONTROL_FUNCTION: str = 'rosetta.access.is_superuser_staff_or_in_translators_group'
82
"""
83
Path to function that determines user access.
84
Function must accept User instance and return boolean.
85
"""
86


87
ROSETTA_REQUIRES_AUTH: bool = True  
88
"""
89
Whether authentication is required for Rosetta access.
90
If False, allows anonymous access (not recommended for production).
91
"""
92


93
ROSETTA_LANGUAGE_GROUPS: dict = {}
94
"""
95
Language-specific group permissions.
96
Format: {'language_code': ['group1', 'group2']}
97
Example: {'fr': ['french_translators'], 'de': ['german_translators']}
98
"""
99


100
ROSETTA_LOGIN_URL: str = '/admin/login/'
101
"""
102
URL to redirect unauthenticated users for login.
103
"""
104
```
105


106
## Usage Examples
107


108
### Basic Permission Setup
109


110
```python
111
# settings.py - Use default permission system
112
INSTALLED_APPS = ['rosetta']
113


114
# Create a translators group in Django admin or programmatically
115
from django.contrib.auth.models import Group, User
116


117
# Create translators group
118
translators_group, created = Group.objects.get_or_create(name='translators')
119


120
# Add users to group
121
user = User.objects.get(username='translator_user')
122
user.groups.add(translators_group)
123


124
# Now user can access Rosetta at /rosetta/
125
```
126


127
### Custom Access Control Function
128


129
```python
130
# myapp/permissions.py
131
def custom_can_translate(user):
132
    """
133
    Custom access control for Rosetta.
134
    
135
    Allow access based on custom business logic.
136
    """
137
    if not user.is_authenticated:
138
        return False
139
        
140
    # Custom logic: check user profile or permissions
141
    if hasattr(user, 'profile'):
142
        return user.profile.can_translate
143
        
144
    # Fallback to staff status
145
    return user.is_staff
146


147
# settings.py
148
ROSETTA_ACCESS_CONTROL_FUNCTION = 'myapp.permissions.custom_can_translate'
149
```
150


151
### Language-Specific Permissions
152


153
```python
154
# settings.py - Restrict languages by user groups
155
ROSETTA_LANGUAGE_GROUPS = {
156
    'fr': ['french_translators', 'managers'],
157
    'de': ['german_translators', 'managers'], 
158
    'es': ['spanish_translators', 'managers'],
159
}
160


161
# Create language-specific groups
162
from django.contrib.auth.models import Group, User
163


164
# Create groups
165
french_group = Group.objects.create(name='french_translators')
166
german_group = Group.objects.create(name='german_translators')
167
managers_group = Group.objects.create(name='managers')
168


169
# Assign users to language groups
170
french_translator = User.objects.get(username='marie')
171
french_translator.groups.add(french_group)
172


173
# Managers can translate all languages
174
manager = User.objects.get(username='admin')
175
manager.groups.add(managers_group)
176
```
177


178
### Programmatic Permission Checking
179


180
```python
181
from rosetta.access import can_translate, can_translate_language
182


183
def my_view(request):
184
    """Custom view checking Rosetta permissions."""
185
    
186
    if not can_translate(request.user):
187
        return HttpResponseForbidden("Translation access denied")
188
    
189
    # Check language-specific permission
190
    if not can_translate_language(request.user, 'fr'):
191
        return HttpResponseForbidden("French translation access denied")
192
    
193
    # User has permission, proceed with view logic
194
    return render(request, 'my_template.html')
195
```
196


197
### Integration with Django Views
198


199
```python
200
from django.contrib.auth.decorators import user_passes_test
201
from rosetta.access import can_translate
202


203
@user_passes_test(can_translate)
204
def translation_management_view(request):
205
    """View requiring Rosetta translation permission."""
206
    # View logic here
207
    pass
208


209
# Or as class-based view
210
from django.contrib.auth.mixins import UserPassesTestMixin
211


212
class TranslationManagementView(UserPassesTestMixin, TemplateView):
213
    """Class-based view with Rosetta permission check."""
214
    
215
    def test_func(self):
216
        return can_translate(self.request.user)
217
```
218


219
### Custom Login Integration
220


221
```python
222
# settings.py - Custom login URL
223
ROSETTA_LOGIN_URL = '/accounts/login/'
224


225
# Or integrate with custom authentication
226
ROSETTA_ACCESS_CONTROL_FUNCTION = 'myapp.auth.custom_rosetta_check'
227


228
# myapp/auth.py
229
def custom_rosetta_check(user):
230
    """Integrate with custom authentication system."""
231
    if not user.is_authenticated:
232
        return False
233
        
234
    # Check against custom permissions system
235
    return user.has_permission('translate_interface')
236
```