Django View Authorization: Restricting Access (Overview)
Django provides tools for both authentication and authorization. Django view authorization is typically done with decorators. This course will show you how to use these view decorators to enforce authorized viewing of pages in your Django site.
By the end of this course you’ll know how to:
- Use
HttpRequestandHttpRequest.userobjects - Authenticate and authorize users
- Differentiate between regular, staff, and admin users
- Secure a view with the
@login_requireddecorator - Restrict a view to different roles with the
@user_passes_testdecorator - Use the Django messages framework to notify your users
00:00 Django View Authorization. Allowing users to log into your website solves two problems: authentication and authorization.
00:12 Authentication is the act of verifying a user’s identity, confirming that they are who they say they are.
00:20 Authorization is deciding whether a user is allowed to perform an action. The two concepts go hand in hand. If a page on your website is restricted to logged-in users, then users have to authenticate before they can be authorized to view the page.
00:38 Django provides tools for both authentication and authorization. Django view authorization is typically done with decorators. This video course will show you how to use these view decorators to enforce authorized viewing of pages in your Django website.
00:56
By the end of this course, you’ll know how to use HttpRequest and HttpRequest.user objects, authenticate and authorize users, differentiate between regular, staff, and admin users, secure a view with the @login_required decorator, restrict a view to different roles with the @user_passes_test decorator, and use the Django messages framework to notify your users.
01:23 So now that you know what you’ll be covering, let’s get started by getting everything you need set up.
Become a Member to join the conversation.