Django user permissions in your templates

•Download as PPTX, PDF•

2 likes•6,686 views

Use Djangos custom template tags to create beatiful code to check for permissions (and other stuff) in your Django templates.

Internet

Django
user permissions
in your templates
A nice little Django template tag pattern

The task
On the frontend
display an “edit” link
for the owner of an object and
for super users.

$Version A {% if user.is_authenticated %} {% if user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% else %} {% if my_obj.user == user %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %} {% endif %} {% endif %}$

$Version B {% if user.is_authenticated and my_obj.user == user or user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}$

$Version C {% if user|can_edit:my_obj %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}$

$Version C {% if user|can_edit:my_obj %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %} Way better!$

$Version C: {% if user|can_edit:my_obj %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}$

The custom template tag
from django import template
register = template.Library()
@register.filter
def can_edit(user, obj):
user_can_edit = False
if user.is_authenticated:
if user.is_superuser:
user_can_edit = True
else:
if obj and obj.user and obj.user == user:
user_can_edit = True
return user_can_edit

$More applications for this pattern {% if user|can_delete:my_object %} {% if user|is_in_group:group %} {% if event|is_attended_by:user %} {% if user|has_been_at:place %} {% if place|is_in_favorites_of:user %} {% if article|has_been_flagged_by:user %}$

Thank you for listening!
Anton Pirker
anton@ignaz.at
@antonpirker
Slides
slideshare.net/apirker
Blog post
http://www.anton-pirker.at/django-user-permissions-in-your-
templates/

What's hot

Chapter 14Benjamin Yu

CSE Final Year Project Presentation on Android ApplicationAhammad Karim

Software design methodologiesDr. C.V. Suresh Babu

Software Development Life Cycle (SDLC)Mohamed Sami El-Tahawy

Verification and Validation in Software Engineering SE19koolkampus

Bug tracking system pptNeha Kaurav

Computer shop billing systemMayur Solanki

Fagan InspectionECC International

Chapter 2 software process modelsGolda Margret Sheeba J

UML Diagrams For Online Course PortalHarieHaren GV

Software development life cycleA Subbiah

E recipe-managmentAmitSaha123

Graphical password pptMumbai University

Sdlc modelsVatsana Technologies Pte Ltd

Placement management systemMehul Ranavasiya

PHP || [Student Result Management System]Jiangxi University of Science and Technology (江西理工大学)

Software development processuniversity of mumbai

Biology protein structure in cloud computinggaurav jain

Software Devlopment Life CycleVivek Gupta

Software processAmisha Patel

What's hot (20)

Chapter 14

CSE Final Year Project Presentation on Android Application

Software design methodologies

Software Development Life Cycle (SDLC)

Verification and Validation in Software Engineering SE19

Bug tracking system ppt

Computer shop billing system

Fagan Inspection

Chapter 2 software process models

UML Diagrams For Online Course Portal

Software development life cycle

E recipe-managment

Graphical password ppt

Sdlc models

Placement management system

PHP || [Student Result Management System]

Software development process

Biology protein structure in cloud computing

Software Devlopment Life Cycle

Software process

Django user permissions in your templates

1. Django user permissions in your templates A nice little Django template tag pattern

2. The task On the frontend display an “edit” link for the owner of an object and for super users.

3. Version A {% if user.is_authenticated %} {% if user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% else %} {% if my_obj.user == user %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %} {% endif %} {% endif %}

4. Version A {% if user.is_authenticated %} {% if user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% else %} {% if my_obj.user == user %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %} {% endif %} {% endif %}

5. Version B {% if user.is_authenticated and my_obj.user == user or user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}

6. Version B {% if user.is_authenticated and my_obj.user == user or user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}

7. Version C {% if user|can_edit:my_obj %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}

8. Version C {% if user|can_edit:my_obj %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %} Way better!

9. Version C: {% if user|can_edit:my_obj %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}

10. The custom template tag from django import template register = template.Library() @register.filter def can_edit(user, obj): user_can_edit = False if user.is_authenticated: if user.is_superuser: user_can_edit = True else: if obj and obj.user and obj.user == user: user_can_edit = True return user_can_edit

11. More applications for this pattern {% if user|can_delete:my_object %} {% if user|is_in_group:group %} {% if event|is_attended_by:user %} {% if user|has_been_at:place %} {% if place|is_in_favorites_of:user %} {% if article|has_been_flagged_by:user %}

12. Thank you for listening! Anton Pirker anton@ignaz.at @antonpirker Slides slideshare.net/apirker Blog post http://www.anton-pirker.at/django-user-permissions-in-your- templates/

Django user permissions in your templates

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Django user permissions in your templates