1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
|
.. figure:: https://travis-ci.org/mgrouchy/django-stronghold.png?branch=master
:alt: travis
Stronghold
==========
Get inside your stronghold and make all your Django views default
login\_required
Stronghold is a very small and easy to use django app that makes all
your Django project default to require login for all of your views.
WARNING: still in development, so some of the DEFAULTS and such will be
changing without notice.
Installation
------------
Install via pip.
.. code:: sh
pip install django-stronghold
Add stronghold to your INSTALLED\_APPS in your Django settings file
.. code:: python
INSTALLED_APPS = (
#...
'stronghold',
)
Then add the stronghold middleware to your MIDDLEWARE\_CLASSES in your
Django settings file
.. code:: python
MIDDLEWARE_CLASSES = (
#...
'stronghold.middleware.LoginRequiredMiddleware',
)
Usage
-----
If you followed the installation instructions now all your views are
defaulting to require a login. To make a view public again you can use
the public decorator provided in ``stronghold.decorators`` like so:
For function based views
~~~~~~~~~~~~~~~~~~~~~~~~
.. code:: python
from stronghold.decorators import public
@public
def someview(request):
# do some work
#...
for class based views (decorator)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. code:: python
from django.utils.decorators import method_decorator
from stronghold.decorators import public
class SomeView(View):
def get(self, request, *args, **kwargs):
# some view logic
#...
@method_decorator(public)
def dispatch(self, *args, **kwargs):
return super(SomeView, self).dispatch(*args, **kwargs)
for class based views (mixin)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. code:: python
from stronghold import StrongholdPublicMixin
class SomeView(StrongholdPublicMixin, View):
pass
Configuration (optional)
------------------------
STRONGHOLD\_DEFAULTS
~~~~~~~~~~~~~~~~~~~~
Use Strongholds defaults in addition to your own settings.
**Default**:
.. code:: python
STRONGHOLD_DEFAULTS = True
You can add a tuple of url regexes in your settings file with the
``STRONGHOLD_PUBLIC_URLS`` setting. Any url that matches against these
patterns will be made public without using the ``@public`` decorator.
STRONGHOLD\_PUBLIC\_URLS
~~~~~~~~~~~~~~~~~~~~~~~~
**Default**:
.. code:: python
STRONGHOLD_PUBLIC_URLS = ()
If STRONGHOLD\_DEFAULTS is True STRONGHOLD\_PUBLIC\_URLS contains:
.. code:: python
(
r'^%s.+$' % settings.STATIC_URL,
r'^%s.+$' % settings.MEDIA_URL,
)
When settings.DEBUG = True. This is additive to your settings to support
serving Static files and media files from the development server. It
does not replace any settings you may have in
``STRONGHOLD_PUBLIC_URLS``.
Note: Public URL regexes are matched against
`HttpRequest.path\_info`_.
STRONGHOLD\_PUBLIC\_NAMED\_URLS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You can add a tuple of url names in your settings file with the
``STRONGHOLD_PUBLIC_NAMED_URLS`` setting. Names in this setting will be
reversed using ``django.core.urlresolvers.reverse`` and any url matching
the output of the reverse call will be made public without using the
``@public`` decorator:
**Default**:
.. code:: python
STRONGHOLD_PUBLIC_NAMED_URLS = ()
If STRONGHOLD\_DEFAULTS is True additionally we search for
``django.contrib.auth`` if it exists, we add the login and logout view
names to ``STRONGHOLD_PUBLIC_NAMED_URLS``
STRONGHOLD\_USER\_TEST\_FUNC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Optionally, set STRONGHOLD_USER_TEST_FUNC to a callable to limit access to users
that pass a custom test. The callback receives a ``User`` object and should
return ``True`` if the user is authorized. This is equivalent to decorating a
view with ``user_passes_test``.
**Example**:
.. code:: python
STRONGHOLD_USER_TEST_FUNC = lambda user: user.is_staff
**Default**:
.. code:: python
STRONGHOLD_USER_TEST_FUNC = lambda user: user.is_authenticated
Compatiblity
------------
Tested with:
- Django 1.4.x
- Django 1.5.x
- Django 1.6.x
- Django 1.7.x
- Django 1.8.x
- Django 1.9.x
- Django 1.10.x
- Django 1.11.x
- Django 2.0.x
Contribute
----------
See CONTRIBUTING.md
.. _HttpRequest.path\_info: https://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpRequest.path_info
|
