Authorization controls what users can do in your app. It keeps data safe and ensures users only access what they should.
Why authorization matters in Django
```python
from django.contrib.auth.decorators import login_required, permission_required


@login_required
def my_view(request):
    # code for logged-in users only
    ...


@permission_required('app_label.permission_code')
def admin_view(request):
    # code for users with the specific permission 'app_label.permission_code'
    ...
```
@login_required makes sure only logged-in users can access the view.
@permission_required checks if the user has a specific permission before running the view.
```python
from django.http import HttpResponse
from django.contrib.auth.decorators import login_required


@login_required
def dashboard(request):
    return HttpResponse('Welcome to your dashboard!')
```
```python
from django.http import HttpResponse
from django.contrib.auth.decorators import permission_required


@permission_required('blog.change_post')
def edit_post(request):
    return HttpResponse('Edit your post here.')
```
This example shows two views: one that lets any logged-in user see their own profile, and one that only users holding the 'auth.view_user' permission can reach, the admin panel.
```python
from django.http import HttpResponse
from django.contrib.auth.decorators import login_required, permission_required


@login_required
def profile(request):
    return HttpResponse(f'Hello, {request.user.username}! This is your profile.')


@permission_required('auth.view_user')
def admin_panel(request):
    return HttpResponse('Welcome to the admin panel.')
```
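To make the decision logic of these two decorators visible without a configured Django project, here is an added example (not code from the page or from Django itself) that re-implements the checks in plain Python. The `User`, `Request` and `Response` classes and the `LOGIN_URL` value are stand-ins for Django's objects and settings; the behaviour they model is Django's documented one: `login_required` redirects anonymous users to the login URL with a `next` parameter, and `permission_required` does the same on a missing permission unless `raise_exception=True`, in which case the request is refused with a 403. The `edit_post` view also shows a caveat the decorators do not cover: `blog.change_post` is a model-level permission, so a holder could edit any post, and ownership must be checked inside the view.

```python
# Added example: a Django-free model of @login_required and @permission_required.
# User, Request, Response, LOGIN_URL and the two decorators are stand-ins
# (assumptions), not Django's own code; they mirror its documented behaviour.
from dataclasses import dataclass
from functools import wraps


@dataclass
class User:
    username: str
    is_authenticated: bool = True
    perms: frozenset = frozenset()

    def has_perm(self, perm: str) -> bool:
        # Django checks "app_label.codename" against the user's permissions;
        # anonymous users never hold any permission.
        return self.is_authenticated and perm in self.perms


ANONYMOUS = User(username="", is_authenticated=False)


@dataclass
class Request:
    user: User
    path: str = "/"


@dataclass
class Response:
    status: int
    body: str = ""


LOGIN_URL = "/accounts/login/"  # stands in for settings.LOGIN_URL


def login_required(view):
    @wraps(view)
    def wrapper(request, *args, **kwargs):
        if not request.user.is_authenticated:
            # Redirect to the login page and remember where the user was going.
            return Response(302, f"{LOGIN_URL}?next={request.path}")
        return view(request, *args, **kwargs)
    return wrapper


def permission_required(perm, raise_exception=False):
    def decorator(view):
        @wraps(view)
        def wrapper(request, *args, **kwargs):
            if not request.user.has_perm(perm):
                if raise_exception:
                    return Response(403, "Forbidden")  # PermissionDenied in Django
                return Response(302, f"{LOGIN_URL}?next={request.path}")
            return view(request, *args, **kwargs)
        return wrapper
    return decorator


@login_required
def dashboard(request):
    return Response(200, f"Welcome, {request.user.username}")


@permission_required("blog.change_post", raise_exception=True)
def edit_post(request, post_author):
    # The decorator grants a model-level permission: any holder may edit any
    # post. Restricting edits to the post's owner is the view's own job.
    if post_author != request.user.username:
        return Response(403, "Not your post")
    return Response(200, "Edit your post here.")


def run_checks():
    """Exercise both decorators with constructed users; returns status codes."""
    editor = User("alice", perms=frozenset({"blog.change_post"}))
    reader = User("bob")  # logged in, but holds no permissions
    return {
        "anon_dashboard": dashboard(Request(ANONYMOUS, "/dashboard/")).status,
        "user_dashboard": dashboard(Request(reader)).status,
        "reader_edit": edit_post(Request(reader), "bob").status,
        "editor_own_post": edit_post(Request(editor), "alice").status,
        "editor_other_post": edit_post(Request(editor), "bob").status,
    }


if __name__ == "__main__":
    for name, status in run_checks().items():
        print(f"{name}: {status}")
```

Running the module prints one line per case: the anonymous dashboard request is redirected (302), the logged-in reader gets the dashboard (200) but is refused the edit view (403), and the editor can edit only the post whose author matches (200 versus 403).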
Authorization is different from authentication. Authentication checks who you are; authorization checks what you can do.
Always protect sensitive views with proper authorization to avoid security risks.
Django provides easy decorators to add authorization checks to your views.
Authorization controls user access to parts of your app.
Use Django decorators like @login_required and @permission_required to enforce authorization.
Proper authorization keeps your app safe and users' data private.