The meat of django-elevate comes from decorating your views with @elevate_required much in the same way that
Let’s pretend that we have a page on our site with sensitive information, and we want to make extra sure that a user is allowed to see it:

    from django.contrib.auth.decorators import login_required
    from django.http import HttpResponse

    from elevate.decorators import elevate_required


    @login_required  # Make sure they're at least logged in
    @elevate_required  # On top of being logged in, are you in Elevate mode?
    def super_secret_stuff(request):
        return HttpResponse('your social security number')

That’s it! When a user visits this page and they don’t have the correct permission, they’ll be redirected to a page and prompted for their password. After entering their password, they’ll be redirected back to this page to continue what they were trying to do.
ElevateMixin provides an easy way to elevate a class-based view. Any view that inherits from this mixin is automatically wrapped by the
This works well with the

    from django.views import generic
    from braces.views import LoginRequiredMixin
    from elevate.mixins import ElevateMixin


    class SuperSecretView(LoginRequiredMixin, ElevateMixin, generic.TemplateView):
        template_name = 'secret/super-secret.html'

By default, you just need to add this to your
Subclass and override has_elevated_privileges() if you’d like to override the default behavior of is_elevated() to the request.
process_response(self, request, response)
Controls the behavior of setting and deleting the Elevate cookie for the browser.
Assigns a random token to the user’s session that allows them to have elevated permissions.

    from elevate.utils import grant_elevated_privileges

    token = grant_elevated_privileges(request)

Revoke elevated privileges from a request explicitly.

    from elevate.utils import revoke_elevated_privileges

    revoke_elevated_privileges(request)

Check if a request is allowed to perform elevated actions.

    from elevate.utils import has_elevated_privileges

    has_elevate = has_elevated_privileges(request)
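
A framework-free model of the grant, check and revoke lifecycle described above, added here as an illustration; it is not django-elevate's own code. It assumes the session token is mirrored in the browser cookie and that elevation expires after a fixed age. The Request class, MAX_AGE and the function names are hypothetical.

```python
import hmac
import secrets
import time

MAX_AGE = 3 * 60 * 60  # assumed elevation lifetime in seconds (hypothetical value)


class Request:
    """Stand-in for a Django request: server-side session plus browser cookies."""

    def __init__(self):
        self.session = {}
        self.cookies = {}


def grant(request, now=None):
    """Store a fresh random token server-side and mirror it in a cookie."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    request.session["elevate"] = {"token": token, "expires": now + MAX_AGE}
    request.cookies["elevate"] = token
    return token


def revoke(request):
    """Drop elevation explicitly; safe to call when nothing was granted."""
    request.session.pop("elevate", None)
    request.cookies.pop("elevate", None)


def check_elevated(request, now=None):
    """True only if cookie and session token match and the grant is still fresh."""
    now = time.time() if now is None else now
    state = request.session.get("elevate")
    cookie = request.cookies.get("elevate")
    if not state or not cookie:
        return False
    if now >= state["expires"]:
        revoke(request)  # expired grants are cleaned up, not just ignored
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(cookie.encode(), state["token"].encode())
```

Because the check needs both halves, a request that carries the session but not the matching cookie is treated as not elevated, and so is one whose grant has aged out.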