[Answered] Limiting user to single app

2👍

You could write some middleware that implements the process_view method, then check which app the view function belongs to.

For example, this is one (potentially buggy) way you could do it:

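from django.http import HttpResponse


class RestrictAppMiddleware(object):
    def process_view(self, request, view_func, *args, **kwargs):
        # Module in which the resolved view function is defined
        view_module = view_func.__module__
        # apps_visible_to_user is not defined here; supply your own lookup
        allowed_apps = apps_visible_to_user(request.user)
        # Substring match: returning None lets the request continue
        if not any(app_name in view_module for app_name in allowed_apps):
            return HttpResponse("Not authorized", status=403)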

Obviously you’d need to improve on the heuristic (ex, this one will allow users with access to “foo” to view “foobar” as well) and consider apps which rely on Django built-in views (ex, direct_to_template)… But this is the way I’d do it.

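An added example, not part of the original answer: one way to tighten the substring heuristic so that access to "foo" does not also grant "foobar", by matching on dotted module boundaries and denying when nothing matches. It assumes app names are given as full dotted import paths; `module_in_app`, `is_view_allowed`, `make_view` and `substring_check` are hypothetical names, and the view functions are constructed stand-ins so the check runs without Django.

```python
def module_in_app(view_module, app_name):
    """True only if view_module is the app package itself or a submodule of it."""
    return view_module == app_name or view_module.startswith(app_name + ".")


def is_view_allowed(view_func, allowed_apps):
    """Decide access from the view's defining module; deny when nothing matches."""
    view_module = getattr(view_func, "__module__", None)
    if not view_module:
        return False  # fail closed: no module information to judge by
    return any(module_in_app(view_module, app) for app in allowed_apps)


def substring_check(view_func, allowed_apps):
    """The substring heuristic from the answer, kept here for comparison."""
    return any(app in view_func.__module__ for app in allowed_apps)


def make_view(module_name):
    """Constructed stand-in for a view function defined in module_name."""
    def view(request):
        return None
    view.__module__ = module_name
    return view


if __name__ == "__main__":
    allowed = ["foo"]  # constructed sample: the user may only use app "foo"
    # Constructed module paths: the allowed app, a look-alike app,
    # and a built-in view that lives outside every project app.
    for module in ("foo.views", "foobar.views", "django.views.generic.simple"):
        view = make_view(module)
        print(module,
              "substring:", substring_check(view, allowed),
              "boundary:", is_view_allowed(view, allowed))
```

Built-in views such as direct_to_template live outside every project app, so this check denies them unless their module is deliberately added to the allowed list.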