O'Reilly logo

Django Unleashed by Andrew Pinkham

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

20.4 Protecting Views with Permissions

Now that we understand permissions and groups, and we have a contributor group to help add content to the website, we need to protect the webpages that affect data such that only contributors and superusers can access the page. In HTTP, if a page is inaccessible, we return a 403 Not Authorized error.

To start, we can use the @login_required decorator to protect a view and force visitors to authenticate. Unfortunately, decorators are aimed specifically at functions, which means we can’t apply them to any of our classes or even our methods. With that said, because class-based views (CBVs) actually generate a function view (the inner view() function; see Chapter 5: Creating Webpages with Controllers in Django, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required