View access control¶

There may be some views that shouldn’t be accessed by users who haven’t configured their latch yet, and vice versa. That is the reason django-latch provides mixins for class-based views and decorators for function-based views.

An example of views limited to users with a paired or unpaired latch are PairLatchView and UnpairLatchView.

Mixins¶

django-latch offers two class-based view mixins to limit the access to some views according to the fact that a user has or hasn’t configured its latch.

class django_latch.mixins.PairedUserRequiredMixin[source]¶

Verify that the current user is not paired with the Latch service.

It has the same the behaviour as paired_user_required(), which is the following:

If the user isn’t logged in, it redirects to settings.LOGIN_URL passing the current absolute path in the query string.
If the user is authenticated but unpaired, then the decorator will raise PermissionDenied, prompting the 403 (HTTP Forbidden) view instead of redirecting to the login page.

This mixin implies that the user must be logged in, so using LoginRequiredMixin is not necessary when a view inherit from PairedUserRequiredMixin.

class django_latch.mixins.UnpairedUserRequiredMixin[source]¶

Verify that the current user is paired with the Latch service.

It has the same the behaviour as unpaired_user_required(), which is the following:

If the user isn’t logged in, it redirects to settings.LOGIN_URL passing the current absolute path in the query string.
If the user is authenticated but paired, then the decorator will raise PermissionDenied, prompting the 403 (HTTP Forbidden) view instead of redirecting to the login page.

This mixin implies that the user must be logged in, so using LoginRequiredMixin is not necessary when a view inherit from UnpairedUserRequiredMixin.

Decorators¶

django-latch provides two decorators that can be applied to views.

django_latch.decorators.paired_user_required(function=None)[source]¶

Decorator for views that checks that the authenticated user is paired with the Latch service.

It has the same the behaviour as PairedUserRequiredMixin, which is the following:

If the user isn’t logged in, it redirects to settings.LOGIN_URL passing the current absolute path in the query string.
If the user is authenticated but unpaired, then the decorator will raise PermissionDenied, prompting the 403 (HTTP Forbidden) view instead of redirecting to the login page.

This decorator implies that a user must be logged in, so using login_required() is not necessary when paired_user_required() is present.

django_latch.decorators.unpaired_user_required(function=None)[source]¶

Decorator for views that checks that the authenticated user is not paired with the Latch service.

It has the same the behaviour as UnpairedUserRequiredMixin, which is the following:

If the user isn’t logged in, it redirects to settings.LOGIN_URL passing the current absolute path in the query string.
If the user is authenticated but paired, then the decorator will raise PermissionDenied, prompting the 403 (HTTP Forbidden) view instead of redirecting to the login page.

This decorator implies that a user must be logged in, so using login_required() is not necessary when unpaired_user_required() is present.