def auth(request, path): from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden from django.utils.html import escape if request.user.is_anonymous(): # If not logged in, redirect to login page return HttpResponseRedirect(reverse("login") + "?next=/" + escape(path)) elif request.user.has_perm("some.perm"): # If allowed, then return empty "200 OK" response, and # set REQUEST_USER. result = HttpResponse() result['Variable-REMOTE_USER'] = request.user.username return result else: # Otherwise, a user who isn't allowed. result = HttpResponseForbidden() result.write("Access denied") return result