Most complex websites require user accounts. Once you have user accounts, you need to limit where they can and can’t go. Django provides role-based authentication to help you with these restrictions.

In this course, you learned how to:

Use HttpRequest and HttpRequest.user objects
Authenticate and authorize users
Differentiate between regular, staff, and admin users
Secure a view with the @login_required decorator
Restrict a view to different roles with the @user_passes_test decorator
Use the Django messages framework to notify your users

Download

Sample Code (.zip)

17.9 KB

Download

Course Slides (.pdf)

1.4 MB

Congratulations, you made it to the end of the course! What’s your #1 takeaway or favorite thing you learned? How are you going to put your newfound skills to use? Leave a comment in the discussion section and let us know.

00:00 Summary. Well done! You’ve made it to the end of the course. You’ve seen that most complex websites require user accounts and that once you have them, you need to limit where they can and can’t go.

00:13 Django has provided you with role-based authentication and authorization to help you with these restrictions. In this course, you learned how to use HttpRequest and HttpRequest.user objects, authenticate and authorize users, differentiate between regular, staff, and admin users, secure a view with the @login_required decorator, restrict a view to different roles with the @user_passes_test decorator, and use the Django messages framework to notify your users. We hope you found this course useful, and we’ll see you again soon at realpython.com.

SwingPy on Nov. 21, 2022

The course is short and to the point. I really like that it is a practical explanation of a very common problem. If more is needed, (groups, permissions, etc) there are other courses available.

Become a Member to join the conversation.

Django View Authorization: Restricting Access (Summary)