Django user permissions in your templates
A nice little Django template tag pattern

The task
On the frontend, display an edit link for the owner of an object and for superusers.

Version A
{% if user.is_authenticated %}
  {% if user.is_superuser %}
    <a href="{% url 'my_obj:edit' my_obj.id %}">
      Edit object
    </a>
  {% else %}
    {% if my_obj.user == user %}
      <a href="{% url 'my_obj:edit' my_obj.id %}">
        Edit object
      </a>
    {% endif %}
  {% endif %}
{% endif %}

Version B
{% if user.is_authenticated and my_obj.user == user or user.is_superuser %}
  <a href="{% url 'my_obj:edit' my_obj.id %}">
    Edit object
  </a>
{% endif %}

Version C
{% if user|can_edit:my_obj %}
  <a href="{% url 'my_obj:edit' my_obj.id %}">
    Edit object
  </a>
{% endif %}
Way better!

The custom template tag
from django import template

register = template.Library()


@register.filter
def can_edit(user, obj):
    # Deny by default; only an authenticated superuser or the owner may edit.
    user_can_edit = False
    if user.is_authenticated:
        if user.is_superuser:
            user_can_edit = True
        else:
            # Guard against a missing object or an object without an owner.
            if obj and obj.user and obj.user == user:
                user_can_edit = True
    return user_can_edit
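
The filter only decides whether the link is rendered; the view behind 'my_obj:edit' has to enforce the same rule, or the URL stays reachable for everyone else. An added sketch (not from the slides) that keeps one predicate for both places. The names user_can_edit, require_can_edit, FakeUser and FakeObj are hypothetical, and the two Fake classes are constructed stand-ins for request.user and a model instance.

```python
try:
    from django import template
    from django.core.exceptions import PermissionDenied
    register = template.Library()
except ImportError:  # assumption: lets the sketch run where Django is not installed
    register = None

    class PermissionDenied(Exception):
        """Stand-in for django.core.exceptions.PermissionDenied."""


def user_can_edit(user, obj):
    """Single source of truth: superusers and the object's owner may edit."""
    if user is None or not getattr(user, "is_authenticated", False):
        return False
    if getattr(user, "is_superuser", False):
        return True
    owner = getattr(obj, "user", None)  # tolerates obj=None and ownerless objects
    return owner is not None and owner == user


if register is not None:
    # Same filter name as on the slide, now a thin wrapper around the shared rule.
    register.filter("can_edit", user_can_edit)


def require_can_edit(user, obj):
    """Hypothetical helper: call first in the edit view; Django answers 403."""
    if not user_can_edit(user, obj):
        raise PermissionDenied("not the owner or a superuser")
    return obj


# Constructed stand-ins, used only to exercise the rule outside a Django project.
class FakeUser:
    def __init__(self, name, authenticated=True, superuser=False):
        self.name = name
        self.is_authenticated = authenticated
        self.is_superuser = superuser


class FakeObj:
    def __init__(self, user):
        self.user = user
```

In the edit view, call require_can_edit(request.user, my_obj) right after loading the object, so hiding the link and refusing the request can never drift apart.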
More applications for this pattern 
{% if user|can_delete:my_object %} 
{% if user|is_in_group:group %} 
{% if event|is_attended_by:user %} 
{% if user|has_been_at:place %} 
{% if place|is_in_favorites_of:user %} 
{% if article|has_been_flagged_by:user %}

Thank you for listening!
Anton Pirker
anton@ignaz.at
@antonpirker
Slides
slideshare.net/apirker
Blog post
http://www.anton-pirker.at/django-user-permissions-in-your-templates/
