Mixins¶
New in version 1.0.4.
LoginRequiredMixin¶
-
class
guardian.mixins.
LoginRequiredMixin
¶ A login required mixin for use with class based views. This Class is a light wrapper around the login_required decorator and hence function parameters are just attributes defined on the class.
Due to parent class order traversal this mixin must be added as the left most mixin of a view.
The mixin has exaclty the same flow as login_required decorator:
If the user isn’t logged in, redirect to
settings.LOGIN_URL
, passing the current absolute path in the query string. Example:/accounts/login/?next=/polls/3/
.If the user is logged in, execute the view normally. The view code is free to assume the user is logged in.
Class Settings
LoginRequiredMixin.redirect_field_name
Default:'next'
LoginRequiredMixin.login_url
Default:settings.LOGIN_URL
PermissionRequiredMixin¶
-
class
guardian.mixins.
PermissionRequiredMixin
¶ A view mixin that verifies if the current logged in user has the specified permission by wrapping the
request.user.has_perm(..)
method.If a get_object() method is defined either manually or by including another mixin (for example
SingleObjectMixin
) orself.object
is defined then the permission will be tested against that specific instance, alternatively you can specify get_permission_object() method ifself.object
or get_object() does not return the object against you want to test permissionThe mixin does the following:
If the user isn’t logged in, redirect to settings.LOGIN_URL, passing the current absolute path in the query string. Example: /accounts/login/?next=/polls/3/.
If the raise_exception is set to True than rather than redirect to login page a PermissionDenied (403) is raised.
If the user is logged in, and passes the permission check than the view is executed normally.
Example Usage:
class SecureView(PermissionRequiredMixin, View): ... permission_required = 'auth.change_user' ...
Class Settings
PermissionRequiredMixin.permission_required
Default:None
, must be set to either a string or list of strings in format: <app_label>.<permission_codename>.PermissionRequiredMixin.login_url
Default:settings.LOGIN_URL
PermissionRequiredMixin.redirect_field_name
Default:'next'
PermissionRequiredMixin.return_403
Default:False
. Returns 403 error page instead of redirecting user.PermissionRequiredMixin.raise_exception
Default:
False
- permission_required - the permission to check of form “<app_label>.<permission codename>”
- i.e. ‘polls.can_vote’ for a permission on a model in the polls application.
PermissionRequiredMixin.accept_global_perms
- Default:
False
, If accept_global_perms would be set to True, then - mixing would first check for global perms, if none found, then it will proceed to check object level permissions.
PermissionRequiredMixin.permission_object
- Default:
None
, object against which test the permission; if None fallback toself.get_permission_object()
which returnself.get_object()
orself.object
by default.
-
check_permissions
(request)¶ Checks if request.user has all permissions returned by get_required_permissions method.
Parameters: request – Original request.
-
get_required_permissions
(request=None)¶ Returns list of permissions in format <app_label>.<codename> that should be checked against request.user and object. By default, it returns list from
permission_required
attribute.Parameters: request – Original request.
-
on_permission_check_fail
(request, response, obj=None)¶ Method called upon permission check fail. By default it does nothing and should be overridden, if needed.
Parameters: - request – Original request
- response – 403 response returned by check_permissions method.
- obj – Object that was fetched from the view (using
get_object
method orobject
attribute, in that order).