Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Django 
user permissions 
in your templates 
A nice little Django template tag pattern
The task 
On the frontend 
display an “edit” link 
for the owner of an object and 
for super users.
Version A 
{% if user.is_authenticated %} 
{% if user.is_superuser %} 
<a href="{% url 'my_obj:edit' my_obj.id %}"> 
Edit ...
Version A 
{% if user.is_authenticated %} 
{% if user.is_superuser %} 
<a href="{% url 'my_obj:edit' my_obj.id %}"> 
Edit ...
Version B 
{% if user.is_authenticated and my_obj.user == user or 
user.is_superuser %} 
<a href="{% url 'my_obj:edit' my_...
Version B 
{% if user.is_authenticated and my_obj.user == user or 
user.is_superuser %} 
<a href="{% url 'my_obj:edit' my_...
Version C 
{% if user|can_edit:my_obj %} 
<a href="{% url 'my_obj:edit' my_obj.id %}"> 
Edit object 
</a> 
{% endif %}
Version C 
{% if user|can_edit:my_obj %} 
<a href="{% url 'my_obj:edit' my_obj.id %}"> 
Edit object 
</a> 
{% endif %} 
Wa...
Version C: 
{% if user|can_edit:my_obj %} 
<a href="{% url 'my_obj:edit' my_obj.id %}"> 
Edit object 
</a> 
{% endif %}
The custom template tag 
from django import template 
register = template.Library() 
@register.filter 
def can_edit(user, ...
More applications for this pattern 
{% if user|can_delete:my_object %} 
{% if user|is_in_group:group %} 
{% if event|is_at...
Thank you for listening! 
Anton Pirker 
anton@ignaz.at 
@antonpirker 
Slides 
slideshare.net/apirker 
Blog post 
http://ww...
Upcoming SlideShare
Loading in …5
×

Django user permissions in your templates

5,011 views

Published on

Use Djangos custom template tags to create beatiful code to check for permissions (and other stuff) in your Django templates.

Published in: Internet
  • Be the first to comment

Django user permissions in your templates

  1. 1. Django user permissions in your templates A nice little Django template tag pattern
  2. 2. The task On the frontend display an “edit” link for the owner of an object and for super users.
  3. 3. Version A {% if user.is_authenticated %} {% if user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% else %} {% if my_obj.user == user %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %} {% endif %} {% endif %}
  4. 4. Version A {% if user.is_authenticated %} {% if user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% else %} {% if my_obj.user == user %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %} {% endif %} {% endif %}
  5. 5. Version B {% if user.is_authenticated and my_obj.user == user or user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}
  6. 6. Version B {% if user.is_authenticated and my_obj.user == user or user.is_superuser %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}
  7. 7. Version C {% if user|can_edit:my_obj %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}
  8. 8. Version C {% if user|can_edit:my_obj %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %} Way better!
  9. 9. Version C: {% if user|can_edit:my_obj %} <a href="{% url 'my_obj:edit' my_obj.id %}"> Edit object </a> {% endif %}
  10. 10. The custom template tag from django import template register = template.Library() @register.filter def can_edit(user, obj): user_can_edit = False if user.is_authenticated: if user.is_superuser: user_can_edit = True else: if obj and obj.user and obj.user == user: user_can_edit = True return user_can_edit
  11. 11. More applications for this pattern {% if user|can_delete:my_object %} {% if user|is_in_group:group %} {% if event|is_attended_by:user %} {% if user|has_been_at:place %} {% if place|is_in_favorites_of:user %} {% if article|has_been_flagged_by:user %}
  12. 12. Thank you for listening! Anton Pirker anton@ignaz.at @antonpirker Slides slideshare.net/apirker Blog post http://www.anton-pirker.at/django-user-permissions-in-your- templates/

×