
I need to allow the user to see some parts of a page according to his permissions.

I've seen some answers here like using @user_passes_test ( Django - user permissions to certain views? ) and checks on the template ( Should I use Django permissions checks in the template AND the view? ).

In the latter @e-satis' answer states that for my case I should use checks at the template.

My question is: How can I do this and what is the best way (performance and security wise) to do so?

To exemplify my need I thought about Facebook. In Facebook you allow certain users to see some parts of your profile page or all of it. That's exactly the behavior I need to implement.

I appreciate your thoughts.

Thanks.

eestein

2 Answers


It's in the Django docs.

basically

{% if perms.foo %}
    <p>You have permission to do something in the foo app.</p>
{% else %}
    <p>You don't have permission to do anything in the foo app.</p>
{% endif %}
scytale
  • I checked that link. But I'm not actually checking permissions set for that specific app. As in my Facebook example I need to check for custom permissions, saved on my database. Is that possible with this approach? Thanks for your answer. – eestein Nov 29 '12 at 12:15
  • Sorry, not sure what you mean - the permission lookup should work for any app, not just "that specific app". And yes, with this approach you can totally show/hide parts of the page depending on the user's permissions - the Django documentation I linked to shows that very clearly. – scytale Nov 29 '12 at 13:19
  • Ok, and how would I add permissions using that approach? When I saw the link I thought it was only for the app scope (system permissions). Thanks. – eestein Nov 29 '12 at 15:03

Based on your examples, I'm assuming you mean permissions in the context of the Django package and not authentication-checking (is_authenticated()). This is actually pretty straightforward and given fully in an answer e-satis gives here.

Edit: Looks like a better answer was given.

tsalaroth
  • Yes, it's not to check if the user is authenticated, but to validate if he has the permission to see that specific block/data/info. Thanks. – eestein Nov 29 '12 at 12:18