URLConf: Limiting access to generic views based on user permissions - inspecting url parameters

Question

Good day,

I have the following in my URLConf:

from django.contrib.auth.decorators import user_passes_test

urlpatterns = patterns('',
    (r'^manage/(?P<pk>\d+)/$', user_passes_test(lambda u: (u.is_authenticated()))
    UpdateView.as_view(model=Organization, success_url="/organizations/updated/", template_name="organization/manage.html",))),

So only authenticated users can access the view functionality via the url.

Question: Except for sub-classing the generic view, is there a way to inspect the pk embedded in the URL? I'd like to further validate that the user trying to access the Update function has the required permission.

The documentation doesn't go into this detail, and I'm battling to find any other reference to it.

Answer 1

If you're looking to extend the default functionality, especially if it's with something as delicate as user permission, the only real option is to subclass. I've turned to subclassing all my views, even when all the class definition has is a template_name, because it's much simpler to extend later.

Subclassing gives you full control over your code. There is no need to override crucial methods like get() orpost(), though -- auxiliary stuff like get_context_data() or form_valid() can take care of most checks and validations you need.

Answer 2

Yes there is, you just have to get more familiar with python decorators:

def my_custom_check(view):
  def view_wrap(request, *args, **kwargs):
    pk = kwargs['pk']
    # do your check here
    return view(request, *args, **kwargs)
  return view_wrap

Use it like this:

(r'^manage/(?P<pk>\d+)/$', my_custom_check(UpdateView.as_view(model=Organization, ...))),