django - Accessible url pattern only for certain group of users

Question

Is there a way to limit access to url pattern only for certain group of django users? for example, everything that starts with /settings/ shuld be accessible only for the administration group.

or maybe it is possible to create a new decorator such as @group("administration") and add it to each view that is limited to the group?

personally I prefer the second way, if possible.

score 5 · Answer 1 · answered Jul 18 '14 at 10:56

django provides a user_passes_test decorator to do exactly this. You can pass it any function and if the function returns a false value, the view is not shown.

The example explains it better:

from django.contrib.auth.decorators import user_passes_test

def email_check(user):
    return '@example.com' in user.email

@user_passes_test(email_check)
def my_view(request):
    ...

In your case, you want to see if the user is in a particular group:

def in_admin_group(user):
   return 'administration' in user.groups

In addition, this is compatible with `@login_required`. – caram Mar 06 '20 at 15:25 — caram, Mar 06 '20 at 15:25

score 1 · Answer 2 · edited Sep 28 '18 at 12:22

You probably want to either

add a specific permission to the group and use permission_required: https://docs.djangoproject.com/en/2.1/topics/auth/default/#the-permission-required-decorator

or

test that the user is in the group with user_passes_test: https://docs.djangoproject.com/en/2.1/topics/auth/default/#django.contrib.auth.decorators.user_passes_test

django - Accessible url pattern only for certain group of users

2 Answers2