auth.decorators.permission_required()

permission_required(perm, login_url=None, raise_exception=False) [source]

It’s a relatively common task to check whether a user has a particular permission. For that reason, Django provides a shortcut for that case: the permission_required() decorator.:

from django.contrib.auth.decorators import permission_required

@permission_required('polls.can_vote')
def my_view(request):
    ...

Just like the has_perm() method, permission names take the form "<app label>.<permission codename>" (i.e. polls.can_vote for a permission on a model in the polls application).

The decorator may also take an iterable of permissions, in which case the user must have all of the permissions in order to access the view.

Note that permission_required() also takes an optional login_url parameter:

from django.contrib.auth.decorators import permission_required

@permission_required('polls.can_vote', login_url='/loginpage/')
def my_view(request):
    ...

As in the login_required() decorator, login_url defaults to settings.LOGIN_URL.

If the raise_exception parameter is given, the decorator will raise PermissionDenied, prompting the 403 (HTTP Forbidden) view instead of redirecting to the login page.

If you want to use raise_exception but also give your users a chance to login first, you can add the login_required() decorator:

from django.contrib.auth.decorators import login_required, permission_required

@login_required
@permission_required('polls.can_vote', raise_exception=True)
def my_view(request):
    ...
Changed in Django 1.9:

In older versions, the permission parameter only worked with strings, lists, and tuples instead of strings and any iterable.

doc_Django
2016-10-09 18:34:08
Comments
Leave a Comment

Please login to continue.