0
0
Djangoframework~30 mins

Permission required decorator in Django - Mini Project: Build & Apply

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Permission Required Decorator in Django
📖 Scenario: You are building a Django web app where some pages should only be accessible to users with specific permissions. You want to create a decorator that checks if a user has the required permission before allowing access to a view.
🎯 Goal: Build a Django view decorator called permission_required that takes a permission name as an argument and only allows users with that permission to access the view. If the user lacks permission, they should be redirected to a login page.
📋 What You'll Learn
Create a Django view function called my_view.
Create a decorator function called permission_required that accepts a permission string.
Inside the decorator, check if the user has the required permission using user.has_perm(permission).
If the user does not have permission, redirect them to the login page using redirect('login').
Apply the permission_required decorator to my_view with the permission 'app.view_secret'.
💡 Why This Matters
🌍 Real World
Web apps often need to restrict access to certain pages based on user permissions. This decorator helps enforce those rules cleanly.
💼 Career
Understanding decorators and permission checks is essential for backend web developers working with Django or similar frameworks.
Progress0 / 4 steps
1
Create a simple Django view function
Create a Django view function called my_view that takes a request argument and returns a simple HttpResponse with the text "Secret page content".
Django
Need a hint?

Use def my_view(request): to define the function and return HttpResponse("Secret page content").

2
Create the permission_required decorator function
Create a decorator function called permission_required that accepts a permission string argument. Inside, define an inner function decorator that takes a view_func argument and returns a wrapper function. The wrapper should accept request and *args, **kwargs.
Django
Need a hint?

Define permission_required that returns decorator. Inside decorator, define wrapper that takes request, *args, **kwargs.

3
Add permission check and redirect logic inside the wrapper
Import redirect from django.shortcuts at the top of the file. Inside the wrapper function, check if request.user.has_perm(permission) is False. If so, return redirect('login'). Otherwise, return the original view function call with view_func(request, *args, **kwargs).
Django
Need a hint?

Use if not request.user.has_perm(permission): to check permission and return redirect('login') if missing.

4
Apply the permission_required decorator to the view
Apply the permission_required decorator to the my_view function with the permission string 'app.view_secret'. Use the decorator syntax @permission_required('app.view_secret') above the my_view definition.
Django
Need a hint?

Place @permission_required('app.view_secret') directly above def my_view(request):.