I would like to decouple the permission checking in django.
Current draw-back: If you use decorators like [login_required][1], then you can't know in advance whether a user has the permission to do so or not.
I would like to split this into two steps:
1. check permissions
1. call the view.
# Use Case 1: Admin tool
I want an tool for admins where they can check the access-permissions of users. This requires:
1. The check must not use the current `request.user` since this is the wrong user object.
1. The check must not actually call the view, since this might alter data.
# Use Case 2: Show Link as disabled.
I want to show links as disabled (grayed out and without "href") if a user does not have the permission to see linked page.
# Dream
Returning a boolean for "ok" and "permission denied" is nice. But the big benefit would be if the admin could get a **reason**.
Example:
1. Admin opens "Check Perm Tool"
1. He selects a view/URL
1. The admin hits "submit"
Result:
------------------------------
| User | Allowed | Reason
------------------------------
| fooadmin | Yes | is_superuser
| foouser | No | missing permission "view-bar-at-midnight"
| foobar | Yes | User has permission "view-bar-at-midnight"
# Question
How to get this dream come true?
[1]:
https://docs.djangoproject.com/en/1.9/topics/auth/default/#django.contrib.auth.decorators.login_required