Django permissions checks at urlconf level?

Question

I've got a django app that has it's own urlconf included into the main one. Every page in this app is protected by a separate set of perms not granted to normal users. Think employees work view as opposed to users' profiles etc.

I'm using classed based views, so right now I've got the landing view's dispatch() checking perms, but with this method I'm going to have to do that for every view. That just isn't DRY.

So my options as I see them are:

• Create a mixin that specifically checks for this permission
• manually check using dispatch() in each view
• Somehow check at the url level

Is there any way to set a permission requirement on the entire url inclusion? They all currently have login_required() on.

Answer 1

Easy!

from django.contrib.auth.decorators import login_required

urlpatterns = patterns('',
    url(r'^foo/', login_required(include('foo.urls'))),
)

Update

You want to check user permissions, not user authentication. Easy too:

from django.contrib.auth.decorators import user_passes_test

urlpatterns = patterns('',
    url(r'^foo/', user_passes_test(lambda u: u.has_perm('perm'))(include('foo.urls'))),
)