Home/ Questions/Q 7777347
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T18:07:09+00:00

I have a Django project with several apps. I’d like to restrict a particular

  • 0

I have a Django project with several apps. I’d like to restrict a particular user’s access to only one specific app and at the time of the user’s creation, i.e. without having to say modify every method of views.py with decorators such as @permission_required.

Is this possible? That is, is it possible to declare that user ‘A’ can only use app ‘X’ without modifying any of app ‘Y’s code?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You could write some middleware that implements the process_view method, then check which app the view function belongs to.

    For example, this is one (potentially buggy) way you could do it:

    class RestrictAppMiddleware(object):
    def process_view(self, request, view_func, *args, **kwargs):
        view_module = view_func.__module__
        allowed_apps = apps_visible_to_user(request.user)
        if not any(app_name in view_module for app_name in allowed_apps):
            return HttpResponse("Not authorized", status=403)

    Obviously you’d need to improve on the heuristic (ex, this one will allow users with access too “foo” view “foobar” as well) and consider apps which rely on Django built-in views (ex, direct_to_template)… But this is the way I’d do it.

    • 0