Django Generic Views with Dynamic Queryset Filtering and Permission Matrix

Snippet

Django Generic Views with Dynamic Queryset Filtering and Permission Matrix

Generic views combined with permission matrices enable fine-grained access control without repetitive decorator logic. The permission_matrix cached_property caches permission checks per request avoiding repeated database queries. Dynamic queryset filtering via GET parameters allows non-JavaScript filtered views while maintaining query efficiency through select_related.

snippet.py

python

from django.views.generic import ListView, DetailView
from django.core.exceptions import PermissionDenied
from django.contrib.auth.mixins import LoginRequiredMixin
from functools import cached_property
 
class ArticleDetailView(LoginRequiredMixin, DetailView):
    model = Article
    context_object_name = 'article'
    template_name = 'articles/detail.html'
 
    def get_queryset(self):
        user = self.request.user
        if user.is_superuser:
            return Article.objects.all()
        if user.has_perm('articles.view_article'):
            return Article.objects.filter(status='published')
        return Article.objects.none()
 
 
    def get_object(self):
        obj = super().get_object()
        if not self.request.user.has_perm('articles.view_detail', obj):
            raise PermissionDenied('Access denied to unpublished details')
        return obj
 
class ArticleListView(ListView):
    model = Article
    context_object_name = 'articles'
    paginate_by = 20
 
    @cached_property
    def permission_matrix(self):
        return {
            'can_publish': self.request.user.has_perm('articles.publish'),
            'can_archive': self.request.user.has_perm('articles.archive'),
            'can_edit': self.request.user.has_perm('articles.change'),
        }
 
    def get_queryset(self):
        queryset = Article.objects.select_related('author')
        status = self.request.GET.get('status')
        if status in ['published', 'draft', 'archived']:
            queryset = queryset.filter(status=status)
        author = self.request.GET.get('author')
        if author:
            queryset = queryset.filter(author__username=author)
        return queryset
 
    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        context['permissions'] = self.permission_matrix
        return context

django

Breakdown

@cached_property def permission_matrix(self):

Caches permission checks for entire request lifecycle

if user.is_superuser: return Article.objects.all()

Superusers bypass filtering to see all articles

if not self.request.user.has_perm('articles.view_detail', obj):

Object-level permission check with dynamic obj parameter

status = self.request.GET.get('status') if status in [...]:

Dynamic queryset filtering from URL query parameters

context_object_name = 'articles'

Context variable naming convention for template clarity

Previous snippet Next snippet

More Expert Python exercises →

From your library

Django Generic Views with Dynamic Queryset Filtering and Permission Matrix

Related