Password protected URLs Django - choose which to be protected also in admin
574 views
Skip to first unread message
rentgeeen
Apr 14, 2012, 2:13:30 PM4/14/12
to django...@googlegroups.com
Hello,
I have quite interesting problem with password protected content in Django. I can successfully protect my content or URLs in Django by using "@login_required" decorator.
Example:
**Urls.py**
urlpatterns = patterns('',
url(r'^(?P<category_categoryurl>[a-zA-Z0-9_.-]+)/$', 'example.sort'),
)
**Views.py**
@login_required
def categorysort(request, category_categoryurl):
latest_images_list2 = Category.objects.all().filter(categoryurl=category_categoryurl)
return render_to_response('category.html', {'latest_images_list': latest_images_list})
So basically this example would work like this:
Dynamic urls from DB all protected by password - because of "@login_required" decorator
What I want to achieve is that for example in admin I want to specify that some pages are with login and some not like in the example that with login:
Without login:
That during creation in admin specifying the url (thats easy) but also specify with checkmark do not need to login something like that.
Can I use python in the views:
If in db in Category login=True
do this:
@login_required
def categorysort(request, category_categoryurl):
latest_images_list2 = Category.objects.all().filter(categoryurl=category_categoryurl)
return render_to_response('category.html', {'latest_images_list': latest_images_list})
if Category login=False
do this:
def categorysort(request, category_categoryurl):
latest_images_list2 = Category.objects.all().filter(categoryurl=category_categoryurl)
return render_to_response('category.html', {'latest_images_list': latest_images_list})
Disregard the syntax only explaining where I am going.
Can you help me?
Thanks
Kevin
Apr 15, 2012, 7:12:44 AM4/15/12
to django...@googlegroups.com
Depending on how you are building your application, you have a few options here:
- If you need to protect specific rows in a database to only a handful of users, and make this configurable in admin site, use something like django-guardian to provide row-level permissions.
- If you absolutely need to pick and choose which URLs are going to require a login, the easiest way is to add a login field to your model, and check against that in a view.
- You can also create a brand-new model which has 1 field, a url to match against. Then you create a simple middleware to check against this model to see if it is in the database, if it's there, then apply a login_required decorator to the view. Here's a simple example:
class AdminProtectorMiddleware(object):
def process_view(self, req, view_func, view_args, view_kwargs):
# check req.path against your model
if req.path in model:
return login_required(view_func(*view_args, **view_kwargs))
else:
return None
Code not tested, please refer to Django documentation, this is just an example on how it would be done.
- If you need to protect specific rows in a database to only a handful of users, and make this configurable in admin site, use something like django-guardian to provide row-level permissions.
- If you absolutely need to pick and choose which URLs are going to require a login, the easiest way is to add a login field to your model, and check against that in a view.
- You can also create a brand-new model which has 1 field, a url to match against. Then you create a simple middleware to check against this model to see if it is in the database, if it's there, then apply a login_required decorator to the view. Here's a simple example:
class AdminProtectorMiddleware(object):
def process_view(self, req, view_func, view_args, view_kwargs):
# check req.path against your model
if req.path in model:
return login_required(view_func(*view_args, **view_kwargs))
else:
return None
Code not tested, please refer to Django documentation, this is just an example on how it would be done.
Reply all
Reply to author
Forward
0 new messages