Snippet List
### settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'utils.LoginRequiredMiddleware',
]
LOGIN_REQUIRED_URLS = [
r'^panel/(.*)$'
]
this will help any url under `panel/` require login.
- middleware
- authentication
- login_required
Based on [onecreativenerd](http://djangosnippets.org/users/onecreativenerd/) code.
Sometimes it's a real pain to use the @login_required decorator all over the views of a complicated site. This middleware requires login on every page by default and supports a list of regular expression to figure out the exceptions. This way you don't have to worry about forgetting to decorate a view.
This snippet requires LOGIN_URL to be set in settings.py, and optionally allows you fill out LOGIN_EXEMPT_URLS, a tuple of regular expressions (similar to urls.py) that lists your exceptions.
Example:
LOGIN_EXEMPT_URLS = (
r'^about\.html$',
r'^legal/', # allow the entire /legal/* subsection
)
- middleware
- django
- login
- login_required
- next
This is an Authorization class for [Tastypie](http://django-tastypie.readthedocs.org/en/latest/authentication_authorization.html) v0.9.11 (v0.9.12 changes how Authorization works).
DjangoAuthorization checks specific permissions — `add_model`, `change_model`, `delete_model`, etc. If you don't need that level of permissions checking, this might be useful. It just makes sure the User is logged in. It's equivalent to the `login_required` decorator.
Add login_required (or any other combination of decorators) to any view references by the urls created by patterns(...).
My personal little itch as an example...
urlpatterns += required(
login_required,
patterns('',
(r'^api/',
include(api.urls)),
)
)
Apply the `login_required` decorator to all the handlers in a class-based view that delegate to `cls.dispatch`.
Optional arguments:
* redirect_field_name = `REDIRECT_FIELD_NAME`
* login_url = `None`
See the documentation for the [`login_required`](https://docs.djangoproject.com/en/dev/topics/auth/#the-login-required-decorator) method for more information about the keyword arguments.
Usage:
@LoginRequired
class MyListView (ListView):
...
- view
- decorator
- class
- login_required
- class-decorator
- class-based-views
A login_required decorator that wraps the login view instead of redirecting to it.
This prevents your site from leaking login information with HTTP status codes as explained [here](https://grepular.com/Abusing_HTTP_Status_Codes_to_Expose_Private_Information).
This is the way Django's admin is protected, the difference being that it checks for is_active and is_staff instead of is_authenticated.
With this decorators, users directly see a login form (no redirect), post it to LOGIN_URL and are redirected to the page they first tried to see.
I use this snippet to simplify my auth system with flash uploader SWFUpload. flash_login_required ensures that the user is authenticated and inject the context dictionnary into the specified template. To redirect a user, just set the variable `context['redirect']` with an url.
Remember to include the cookie js in your template to get the sessionid variable POSTed to your view:
`<script type="text/javascript" src="/static/js/swfupload/swfupload.cookies.js"></script>`
- authentication
- decorator
- auth
- swfupload
- login_required
8 snippets posted so far.