1👍
You can use Django’s permission system to create any permission you want and then use the permission_required decorator to enforce your new permission. Or you could use the user_passess_test decorator to check if they’re in the group and reject them from disallowed urls.
You could also create a middleware that checks if the user is in the Driver group and returns a HttpResponseForbidden if they request a disallowed url, but middlewares can slow down every request to your app. You should be wary of doing too much there.
Source:stackexchange.com