Mixins¶
New in version 1.0.4.
LoginRequiredMixin¶
-
class
guardian.mixins.
LoginRequiredMixin
¶ A login required mixin for use with class based views. This Class is a light wrapper around the login_required decorator and hence function parameters are just attributes defined on the class.
Due to parent class order traversal this mixin must be added as the left most mixin of a view.
The mixin has exactly the same flow as login_required decorator:
If the user isn’t logged in, redirect to
settings.LOGIN_URL
, passing the current absolute path in the query string. Example:/accounts/login/?next=/polls/3/
.If the user is logged in, execute the view normally. The view code is free to assume the user is logged in.
Class Settings
LoginRequiredMixin.redirect_field_name
Default:'next'
LoginRequiredMixin.login_url
Default:settings.LOGIN_URL
PermissionRequiredMixin¶
-
class
guardian.mixins.
PermissionRequiredMixin
¶ A view mixin that verifies if the current logged in user has the specified permission by wrapping the
request.user.has_perm(..)
method.If a get_object() method is defined either manually or by including another mixin (for example
SingleObjectMixin
) orself.object
is defined then the permission will be tested against that specific instance, alternatively you can specify get_permission_object() method ifself.object
or get_object() does not return the object against you want to test permissionThe mixin does the following:
If the user isn’t logged in, redirect to settings.LOGIN_URL, passing the current absolute path in the query string. Example: /accounts/login/?next=/polls/3/.
If the raise_exception is set to True than rather than redirect to login page a PermissionDenied (403) is raised.
If the user is logged in, and passes the permission check than the view is executed normally.
Example Usage:
class SecureView(PermissionRequiredMixin, View): ... permission_required = 'auth.change_user' ...
Class Settings
PermissionRequiredMixin.permission_required
Default:None
, must be set to either a string or list of strings in format: <app_label>.<permission_codename>.PermissionRequiredMixin.login_url
Default:settings.LOGIN_URL
PermissionRequiredMixin.redirect_field_name
Default:'next'
PermissionRequiredMixin.return_403
Default:False
. Returns 403 error page instead of redirecting user.PermissionRequiredMixin.return_404
Default:False
. Returns 404 error page instead of redirecting user.PermissionRequiredMixin.raise_exception
Default:
False
- permission_required - the permission to check of form “<app_label>.<permission codename>”
- i.e. ‘polls.can_vote’ for a permission on a model in the polls application.
PermissionRequiredMixin.accept_global_perms
- Default:
False
, If accept_global_perms would be set to True, then - mixing would first check for global perms, if none found, then it will proceed to check object level permissions.
PermissionRequiredMixin.permission_object
- Default:
(not set)
, object against which test the permission; if not set fallback toself.get_permission_object()
which returnself.get_object()
orself.object
by default.
PermissionRequiredMixin.any_perm
Default:False
. if True, any of permission in sequence is accepted.-
check_permissions
(request)¶ Checks if request.user has all permissions returned by get_required_permissions method.
Parameters: request – Original request.
-
get_required_permissions
(request=None)¶ Returns list of permissions in format <app_label>.<codename> that should be checked against request.user and object. By default, it returns list from
permission_required
attribute.Parameters: request – Original request.
-
on_permission_check_fail
(request, response, obj=None)¶ Method called upon permission check fail. By default it does nothing and should be overridden, if needed.
Parameters: - request – Original request
- response – 403 response returned by check_permissions method.
- obj – Object that was fetched from the view (using
get_object
method orobject
attribute, in that order).
PermissionListMixin¶
-
class
guardian.mixins.
PermissionListMixin
¶ A view mixin that filter object in queryset for the current logged by required permission.
Example Usage:
class SecureView(PermissionListMixin, ListView): ... permission_required = 'articles.view_article' ...
or:
class SecureView(PermissionListMixin, ListView): ... permission_required = 'auth.change_user' get_objects_for_user_extra_kwargs = {'use_groups': False} ...
Class Settings
PermissionListMixin.permission_required
Default:None
, must be set to either a string or list of strings in format: <app_label>.<permission_codename>.PermissionListMixin.get_objects_for_user_extra_kwargs
Default:{}
, A extra params to pass for`guardian.shortcuts.get_objects_for_user`
-
get_get_objects_for_user_kwargs
(queryset)¶ Returns dict of kwargs that should be pass to
`get_objects_for_user`
.Parameters: request – Queryset to filter
-
get_required_permissions
(request=None)¶ Returns list of permissions in format <app_label>.<codename> that should be checked against request.user and object. By default, it returns list from
permission_required
attribute.Parameters: request – Original request.
-