Reputation: 789
Django- restrict users to access urls
i'm creating a app.it has manytomany field to store data about class and students.
urls.py
url(r'^class/(?p<title>[-\w]+)/(?p<id>[\d]+)/',views.list,name ='list'),
Basically one user(Teacher) can create many class_room .Each class_room have one title and many students following in that class.
problem is:
Each class_room have unique url. Eg (mywebsite.com/science/88/) this link is access only for following students not for anonymous user.This is a loop hole if any non following students try some random url like this they could see the page (mywebsite.com/maths/2500/).
How to restrict a student from access a page which he is not following?
Upvotes: 3
Views: 5504
Answers (1)
Reputation: 8506
the UserPassesTestMixin mixin can be used to this effect. Basically, write a View Class that implements the test_funcfunction. This function has access to self so you can read the URL and the user. if the test_func returns True, the user is allowed to go on, otherwise is passed to access control (probably redirected to the login form if configured).
Upvotes: 4
Related Questions
- Make it so url can only be accessed through redirect
- How can I limit access to certain urls depending on the logged in user?
- In Django, restrict users to particular urls
- Allowing URL access only to logged-in users
- Django -- Allowing Users To Only View Their Own Page
- How can I restrict user from accessing some specific urls?
- Django unique URL access per user
- Django - allow url only to be accessed from a specific page
- Limit url acces with Django
- Restrict page view access to specific users/customers