An important requirement is to give names to views and applications. This is an implicit requirement if you expect to use all the features of django_roles_access, because the value django_roles_access uses to identify the views to be protected is the view's name. The application name, or namespace, is also used to build the complete view name: app_name:view_name or namespace:view_name.

Despite what has been said above, you can also protect a view using its name directly if, and only if, no application name or namespace is given. However, if no application name is given, the view's security status will be reported under Undefined app in the checkviewaccess action.
Read more about naming URLs in the official Django project documentation, Naming URL. Examples can be found in the Django project tutorial at Namespacing URL names.
When creating a django_roles_access.models.ViewAccess object, the value of view attribute can be:
When a user tries to access a view and that access results in a forbidden action, it is possible to set up different responses:
By default, django_roles_access responds with django.http.HttpResponseForbidden when the user has no access to the view. This behavior can be changed by adding the attribute DJANGO_ROLES_ACCESS_REDIRECT to the settings file with a value of True:
...
DJANGO_ROLES_ACCESS_REDIRECT = True
...
The answer given to a user without access is then a django.http.HttpResponseRedirect to the value in settings.LOGIN_URL.
When django_roles_access answers with django.http.HttpResponseForbidden, the message used by default is <h1>403 Forbidden</h1>. This can also be changed by adding a new attribute named DJANGO_ROLES_ACCESS_FORBIDDEN_MESSAGE to the settings file with the message to be returned instead of the default one.
May 22, 2019