Login

Permission Required Middleware

Author:
mattgrayson
Posted:
November 26, 2008
Language:
Python
Version:
1.0
Score:
1 (after 1 ratings)

Wraps specified URL patterns with permission_required decorator. Allows you to quickly require a specific permission for an area of your site based only on a URL pattern.

Assumes a passing knowledge of how Django permissions work and how to use them. See User authentication in Django for more information.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
from django.contrib.auth.decorators import permission_required

class RequirePermissionMiddleware(object):
    """
    Middleware component that wraps the permission_check decorator around 
    views for matching URL patterns. To use, add the class to 
    MIDDLEWARE_CLASSES and define RESTRICTED_URLS and 
    RESTRICTED_URLS_EXCEPTIONS in your settings.py.
    
    For example:
    
    RESTRICTED_URLS = (
                          (r'/topsecet/(.*)$', 'auth.access_topsecet'),
                      )
    RESTRICTED_URLS_EXCEPTIONS = (
                          r'/topsecet/login(.*)$', 
                          r'/topsecet/logout(.*)$',
                      )
                      
    RESTRICTED_URLS is where you define URL patterns and their associated 
    required permissions. Each URL pattern must be a valid regex. 
    
    RESTRICTED_URLS_EXCEPTIONS is, conversely, where you explicitly define 
    any exceptions (like login and logout URLs).
    """
    def __init__(self):
        self.restricted = tuple([(re.compile(url[0]), url[1]) for url in settings.RESTRICTED_URLS])
        self.exceptions = tuple([re.compile(url) for url in settings.RESTRICTED_URLS_EXCEPTIONS])
        
    def process_view(self,request,view_func,view_args,view_kwargs):
        # An exception match should immediately return None
        for path in self.exceptions:
            if path.match(request.path): return None            
        # Requests matching a restricted URL pattern are returned 
        # wrapped with the permission_required decorator
        for rule in self.restricted:
            url, required_permission = rule[0], rule[1]
            if url.match(request.path): 
                return permission_required(required_permission)(view_func)(request,*view_args,**view_kwargs)             
        # Explicitly return None for all non-matching requests
        return None

More like this

  1. Template tag - list punctuation for a list of items by shapiromatron 11 months, 2 weeks ago
  2. JSONRequestMiddleware adds a .json() method to your HttpRequests by cdcarter 11 months, 3 weeks ago
  3. Serializer factory with Django Rest Framework by julio 1 year, 6 months ago
  4. Image compression before saving the new model / work with JPG, PNG by Schleidens 1 year, 7 months ago
  5. Help text hyperlinks by sa2812 1 year, 7 months ago

Comments

trebor74hr (on April 14, 2009):

I think you miss:

  • from django.contrib.auth.decorators import permission_required

#

mattgrayson (on July 27, 2009):

Thanks - fixed.

#

Please login first before commenting.