Django - limiting url access to superusers

Question

In my urlconf, i have:

url(r'^sssssh/(.*)', staff_only_app.site.root),

What I'd like to do is limiting any access to this application to superusers. I tried this:

url(r'^sssssh/(.*)', user_passes_test(staff_only_app.site.root, lambda u: u.is_superuser)),

But it complains that decorate takes exactly 1 argument, and I gave two.

I'm thinking about currying the decorator via functools.partial, but thought I may be missing some more obvious solution.

Why do you want to do it in urls.py, you should do this in views.py — KillianDS, Jun 29 '10 at 10:30
@KillianDS I want to do it in urls.py because I don't want to go and edit all the views in a reusable app I didn't write. — Agos, Jun 29 '10 at 21:22

score 4 · Accepted Answer · answered Sep 09 '11 at 14:31

Very late reply!...

I think it's just a quick and dirty syntax hangup:

url(r'^sssssh/(.*)', user_passes_test(lambda u: u.is_superuser)(staff_only_app.site.root),

^I think this is the strange but correct syntax for passing an argument to a decorator.

But on 2nd thought, you can only decorate view functions, not entire sites.

score 1 · Answer 2 · answered Jun 29 '10 at 13:43

1

Write a decorator similar to Django's login_required or f.ex. this one http://djangosnippets.org/snippets/254/ and decorate the view.

answered Jun 29 '10 at 13:43

zalew

score 0 · Answer 3 · edited Nov 30 '11 at 17:08

0

Use the user_passes_test decorator.

example:

from django.contrib.auth.decorators import user_passes_test

@user_passes_test(lambda u: u.is_superuser)

def sample_view(request):

edited Nov 30 '11 at 17:08

CoolBeans

answered Feb 22 '11 at 11:05

cyriacthomas

1

Please, read the question and the comments below it on why I want(ed) to do it in urls and not in views. – Agos Feb 22 '11 at 23:57

3 Answers3