I'm building a Django web application in which I have two roles, e.g. sys_user and an exhibitor. When a sys_user logs in he has access to all the URLs and app modules, but an exhibitor will have limited access, i.e. he will have access to specific URLs and app modules. Consider the following:
When a sys_user logs in he should see (the following sidebar) and have access to all the modules like:
--- Module1
--- Module2
--- Module3
--- Module4
When an exhibitor logs in he should see (the following sidebar) and have access to only the following modules like:
--- Module1
--- Module2
Now I know that Django provides its own permissions but I don't really know how they fit into my situation or is there any other alternative approach for this. Please point me in the right direction. Thanks
If you want to do this at the template level, permissions are stored in the {{ perms }} variable.
From Django docs:
{% if perms.foo %}
    <p>You have permission to do something in the foo app.</p>
    {% if perms.foo.can_vote %}
        <p>You can vote!</p>
    {% endif %}
    {% if perms.foo.can_drive %}
        <p>You can drive!</p>
    {% endif %}
{% else %}
    <p>You don't have permission to do anything in the foo app.</p>
{% endif %}
More information could be found here.
It is also possible to do this at the URL level:
from django.contrib.auth.decorators import login_required
from django.views.generic.simple import direct_to_template

urlpatterns = patterns('',
    (r'^foo/$', login_required(direct_to_template), {'template': 'foo_index.html'}),
)
In this example the login_required decorator is used. But you can create your own decorator, where you check the user in the request object and, based on it, decide what to do (redirect, forbidden page, etc.).
Here is a comprehensive example of decorator usage in Django.
Simple example of custom decorator:
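from django.contrib.auth.decorators import login_required, user_passes_test

# Users for whom the test function returns False are redirected to login_url.
@login_required
@user_passes_test(lambda u: u.username != 'sys_user', login_url='/myapp/denied/')
def some_view(request):
    ...  # view body goes here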