63👍
is_superuser isn’t a permission, it’s an attribute on the user model. Django already has another decorator you can make use of called user_passes_test to perform this check:
from django.contrib.auth.decorators import user_passes_test
@user_passes_test(lambda u: u.is_superuser)
def score_reset(self,...):
...
7👍
Above answers seems to be for very early versions of django.
They are bit complicated than for the more later version
for django 1.11 here is a bit similar but simpler strategy.
views.py
from django.contrib.auth.decorators import login_required
@login_required
def some_view(request):
if request.user.is_superuser:
//allow access only to superuser
return render(request, 'app/template1.html', args)
else:
//allow access only to user
return render(request, 'app/template2.html', args)
- [Django]-Django "Remember Me" with built-in login view and authentication form
- [Django]-Unable to perform collectstatic
- [Django]-How to make python on Heroku https only?
5👍
Make use of Django’s UserPassesTestMixin
Create a custom mixin SuperuserRequiredMixin
#mixins.py
from django.contrib.auth.mixins import UserPassesTestMixin
class SuperuserRequiredMixin(UserPassesTestMixin):
def test_func(self):
return self.request.user.is_superuser
Usage
class SomeSuperUserOnlyView(SuperuserRequiredMixin, ListView):
form_class = ExamForm
template_name = 'exam/newexam.html'
- [Django]-OSError – Errno 13 Permission denied
- [Django]-Django character set with MySQL weirdness
- [Django]-WARNING Not Found: /favicon.ico in Django
2👍
@user_passes_test is not an elegant solution if you want to perform this check on many views.
You can easily write your own decorathor having for example @staff_member_require.
Here you can see one of the possible solutions.
- [Django]-How to access the user profile in a Django template?
- [Django]-Django prefetch_related with limit
- [Django]-How to debug in Django, the good way?
1👍
You can use the user passes test decorator to restrict access any way you want. Here is a restriction based on user email example:
from django.contrib.auth.decorators import user_passes_test
def email_check(user):
x = False
if user.email == 'anyemailhere':
x = True
return x
# Create your views here.
@user_passes_test(email_check)
def dash_index(request):
...
More here https://docs.djangoproject.com/en/2.1/topics/auth/default/#the-permission-required-decorator
- [Django]-How do I restart celery workers gracefully?
- [Django]-Django model field by variable
- [Django]-How to get username from Django Rest Framework JWT token
0👍
SuperuserRequiredMixin
Another permission-based mixin. This is specifically for requiring a user to be a superuser. Comes in handy for tools that only privileged users should have access to.
First install: pip install django-braces
views.py
from braces.views import LoginRequiredMixin, SuperuserRequiredMixin
class SomeSuperuserView(LoginRequiredMixin, SuperuserRequiredMixin, TemplateView):
template_name = "path/to/template.html"
- [Django]-Django Rest Framework and JSONField
- [Django]-"No installed app with label 'admin'" running Django migration. The app is installed correctly
- [Django]-How to set up Django website with jQuery