This module is a Django middleware that make all views and URLs login required.
you can install Django Global Login Required Middleware using
$ pip install django-glrm
To install this app, you should add
MIDDLEWARE = [ # default contents 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', ... 'global_login_required.GlobalLoginRequiredMiddleware', ... ]
then all routes in your sile will be login required.
there is 4 ways to exclude a url or view from being login required:
if you want to use
login_not_required decorator for a class based view, it should be in one of this formats:
- Use as a normal decorator for class
from global_login_required import login_not_required from django.views.generic import ListView @login_not_required class test_ClassBasedView_decorator(ListView): ...
from global_login_required import login_not_required urlpatterns = [ ... path(r'^cbv_decorator/', login_not_required(test_ClassBasedView_decorator.as_view())), ... ]
from global_login_required import login_not_required from django.utils.decorators import method_decorator from django.views.generic import ListView @method_decorator(login_not_required, name='dispatch') class test_ClassBasedView_method_decorator(ListView): ...
If you combine
login_not_required decorator with a
login_required decorator, your view will be login required.
also you can a
LOGIN_NOT_REQUIRED to your class based views and your class will be publicly available:
from django.views.generic import ListView class test_ClassBasedView_property_public(ListView): LOGIN_NOT_REQUIRED = True # Makes the view publicly available def get(self, request, *args, **kwargs): return HttpResponse("Response from view.")
If you set
False your view still login required:
from django.views.generic import ListView class test_ClassBasedView_property(ListView): LOGIN_NOT_REQUIRED = False # The view still login required def get(self, request, *args, **kwargs): return HttpResponse("Response from view.")
There is 2 settings available
This setting is a python list that contains string path to any view that you want to make it publicly available:
PUBLIC_VIEWS = [ 'django.contrib.auth.views.login', 'myapp.views.the_view', ]
The middleware will check every request and if responsible view of the request was listed at this setting, it will ignore checking for authentication.
The view listed here can be function based or class based.
This setting is a python list that contains regex strings of URIs that you to make them publicly available:
PUBLIC_PATHS = [ '^%s.*' % MEDIA_URL, # allow public access to any media on your application r'^/accounts/.*', # allow public access to all django-allauth views ]
r letter before the regular expression is optional and tells python that this is a regex not a normal python string,
re package can handel this itself.
also you can list exact URL in here.
The middleware will check every request and if URI of the request match with any of listed regular expressions, it will ignore checking for authentication.
It’s important to handel authentication of urls that are private but match with some of listed patterns.
For example user profile page (
/accounts/profile/) in above example should be login required:
- You can use
login_requireddecorator for such views.
- You can write more complex regex that ensures correct access rights.
If you manually add a
login_required decorator to view, and then list that view in settings,
the final final result will be login required.