python / intermediate
Snippet
Django View Decorators for Permission Control
Django decorators provide a clean way to add functionality to views without modifying their core logic. login_required ensures unauthenticated users are redirected to login. user_passes_test allows custom permission functions for granular access control. require_http_methods restricts which HTTP methods a view accepts. These decorators follow the DRY principle by centralizing cross-cutting concerns.
snippet.py
1
from django.contrib.auth.decorators import login_required, user_passes_test\nfrom django.http import HttpResponseForbidden\nfrom django.views.decorators.http import require_http_methods\n\ndef is_admin_or_moderator(user):\n return user.is_authenticated and (\n user.is_staff or user.is_superuser or\n getattr(user, 'role', None) in ['admin', 'moderator']\n )\n\n@login_required\ndef user_dashboard(request):\n return render(request, 'dashboard.html')\n\n@user_passes_test(is_admin_or_moderator)\ndef manage_users(request):\n users = User.objects.all()\n return render(request, 'manage_users.html', {'users': users})\n\n@require_http_methods(["POST", "GET"])\ndef api_endpoint(request):\n if request.method == 'POST':\n data = json.loads(request.body)\n return JsonResponse({'status': 'success', 'data': data})\n return JsonResponse({'status': 'ready'})
django
Breakdown
1
def is_admin_or_moderator(user):
Define custom permission check function returning boolean
2
@login_required
Decorator to require authentication before accessing view
3
@user_passes_test(is_admin_or_moderator)
Decorator applying custom permission function to view
4
@require_http_methods(["POST", "GET"])
Decorator to limit accepted HTTP methods for view