from django.contrib.auth.decorators import permission_required
class RequirePermissionMiddleware(object):
"""
Middleware component that wraps the permission_check decorator around
views for matching URL patterns. To use, add the class to
MIDDLEWARE_CLASSES and define RESTRICTED_URLS and
RESTRICTED_URLS_EXCEPTIONS in your settings.py.
For example:
RESTRICTED_URLS = (
(r'/topsecet/(.*)$', 'auth.access_topsecet'),
)
RESTRICTED_URLS_EXCEPTIONS = (
r'/topsecet/login(.*)$',
r'/topsecet/logout(.*)$',
)
RESTRICTED_URLS is where you define URL patterns and their associated
required permissions. Each URL pattern must be a valid regex.
RESTRICTED_URLS_EXCEPTIONS is, conversely, where you explicitly define
any exceptions (like login and logout URLs).
"""
def __init__(self):
self.restricted = tuple([(re.compile(url[0]), url[1]) for url in settings.RESTRICTED_URLS])
self.exceptions = tuple([re.compile(url) for url in settings.RESTRICTED_URLS_EXCEPTIONS])
def process_view(self,request,view_func,view_args,view_kwargs):
# An exception match should immediately return None
for path in self.exceptions:
if path.match(request.path): return None
# Requests matching a restricted URL pattern are returned
# wrapped with the permission_required decorator
for rule in self.restricted:
url, required_permission = rule[0], rule[1]
if url.match(request.path):
return permission_required(required_permission)(view_func)(request,*view_args,**view_kwargs)
# Explicitly return None for all non-matching requests
return None
Feed of latest snippets
Comments
I think you miss:
#
Thanks - fixed.
#