python / intermediate
Snippet
Django View Permission Decorators
Decorators provide declarative authorization logic, keeping view code clean and readable. login_required redirects unauthenticated users to a login page. permission_required checks for specific permissions on the user object. user_passes_test accepts a callable that receives the user and returns boolean, enabling custom logic. Decorators are evaluated in order, and combining multiple permissions requires all to be granted.
snippet.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
from django.contrib.auth.decorators import (login_required, permission_required, user_passes_test)from django.shortcuts import render@login_required(login_url='/login/')def dashboard(request):return render(request, 'dashboard.html')@permission_required('catalog.change_product', raise_exception=True)def edit_product(request, product_id):return render(request, 'edit_product.html', {'id': product_id})def is_verified_user(user):return user.is_authenticated and getattr(user, 'email_verified', False)@user_passes_test(is_verified_user, login_url='/verify-email/')def premium_content(request):return render(request, 'premium.html')# Combining multiple permissions with AND logicfrom django.contrib.auth.decorators import permission_required@permission_required('orders.add_order', 'orders.change_order')def process_order(request):pass
django
Breakdown
1
@login_required(login_url='/login/')
Redirects to custom URL instead of default /accounts/login/
2
@permission_required('catalog.change_product', raise_exception=True)
Raises PermissionDenied instead of redirecting if permission missing
3
@user_passes_test(is_verified_user, login_url='/verify-email/')
Custom test function for application-specific verification logic
4
@permission_required('orders.add_order', 'orders.change_order')
Multiple strings = user needs ALL permissions (AND logic)