Hi,
The auth-decorators to check for permission are nice, but it would
be better, if the authorization could be decoupled from calling the view.
My goal: Check if a user can access a view without calling it, because
I want to disable/hide a link if the user must not call it.
I implemented it in my application, but it would be nice if something like
this would inside django (This would improve plug-ability of applications)
My implementation works like this:
every view method as an attribute 'has_perm' which takes the
same args, kwargs like the view:
def myview(request, something)
...
myview.has_perm=lambda ...
For ease of usage you can set has_perm to True (no access restriction)
or to a permission string (app_label.perm_codename) or to is_authenticated,
is_staff, is_superuser.
There is a small helper method for checking if a user/request would be
allowed
to access this view and a small middleware to render "403 forbidden" pages.
Thomas
--
Thomas Guettler, http://www.thomas-guettler.de/
E-Mail: guettli (*) thomas-guettler + de
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en
-~----------~----~----~----~------~----~------~--~---
