6👍
✅
Try this mixin:
from django.contrib.auth.mixins import LoginRequiredMixin, AccessMixin
from django.contrib.auth import logout
class LogoutIfNotStaffMixin(AccessMixin):
def dispatch(self, request, *args, **kwargs):
if not request.user.is_staff:
logout(request)
return self.handle_no_permission()
return super(LogoutIfNotStaffMixin, self).dispatch(request, *args, **kwargs)
For use it, do as follow:
class AdminView(PermissionRequiredMixin, LogoutIfNotStaffMixin, TemplateView):
permission_required = 'is_staff'
template_name = 'checkout/admin.html'
This mixin verifies the is_staff property (User class) in dispatch method (works for POST, GET and other request methods).
Source:stackexchange.com