How To Restrict Pages or Models based on User/Group Permissions with CBVs?

Question

Solution thanks to Sk1p:

from django.contrib.auth.decorators import permission_required

ip_manager/urls.py:

urlpatterns = patterns('',
    url(r'^(?P<groupname>\w+)/tag/add/$', permission_required('ip_manager.add_tag')(TagFormView.as_view()), name='tag-add'),
)

---

I am trying to restrict users from adding, changing, or deleting a model. I am using only CBVs. I have looked at the following examples..

Decorating the class

and

How to use permission_required decorators on django class-based views

My problem is I want to tell which permission a user needs to access, but I am not sure how to specify it. I tried passing the permission as a arg in login-required and tested it on a user with no permissions set. This method did not work it still allowed me to add a new model object. Does any one have any suggestions?

ip_manager/urls.py:

urlpatterns = patterns('',
    url(r'^(?P<groupname>\w+)/tag/add/$', login_required(TagFormView.as_view(), 'ip_manager.add_tag'), name='tag-add'),
)

Thanks, Ryan

Answer 1

If you want to specify the needed permissions, you need to use the permission_required decorator . Because it takes an argument, something like the following should work:

permission_required("your_permission")(TagFormView.as_view())

This is also stated in the documentation: Decorating class-based views

Answer 2

Another way to restrict permissions on Class-Based Views (instead of the URL route) is to use Groups within the admin panel and a PermissionRequiredMixin on the view itself. Just apply the PermissionRequiredMixin as such...

class MemoCreateView(LoginRequiredMixin, PermissionRequiredMixin, CreateView):
    permission_required = 'memos.can_change_memo'
    model = Memo

... then add users to specific Groups within the admin panel and apply can_change_memo permissions to that Group .. Or better-yet, apply the group to the users on sign-up!