The meat of django-sudo comes from decorating your views with @sudo_required much in the same way that
Let’s pretend that we have a page on our site with sensitive information, and we want to make extra sure that a user is allowed to see it:

    from django.contrib.auth.decorators import login_required
    from django.http import HttpResponse
    from sudo.decorators import sudo_required

    @login_required  # Make sure they're at least logged in
    @sudo_required  # On top of being logged in, are you in sudo mode?
    def super_secret_stuff(request):
        return HttpResponse('your social security number')

That’s it! When a user visits this page and they don’t have the correct permission, they’ll be redirected to a page and prompted for their password. After entering their password, they’ll be redirected back to this page to continue on what they were trying to do.
SudoMixin provides an easy way to sudo a class-based view. Any view that inherits from this mixin is automatically wrapped by the
This works well with the

    from django.views import generic
    from braces.views import LoginRequiredMixin
    from sudo.mixins import SudoMixin

    class SuperSecretView(LoginRequiredMixin, SudoMixin, generic.TemplateView):
        template_name = 'secret/super-secret.html'

By default, you just need to add this into your
is_sudo() to the request.
process_response(self, request, response)
Controls the behavior of setting and deleting the sudo cookie for the browser.
Assigns a random token to the user’s session that allows them to have elevated permissions.

    from sudo.utils import grant_sudo_privileges
    token = grant_sudo_privileges(request)

Revoke sudo privileges from a request explicitly.

    from sudo.utils import revoke_sudo_privileges
    revoke_sudo_privileges(request)

Check if a request is allowed to perform sudo actions.

    from sudo.utils import has_sudo_privileges
    has_sudo = has_sudo_privileges(request)
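
A framework-free model of the grant / check / revoke flow described above, showing why a random session token paired with a browser cookie resists forgery and replay. This is an added example, not django-sudo's own code: the function names, the cookie layout, the HMAC signing, the expiry window and the constants are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: server-side signing key
SUDO_KEY = "sudo"                     # assumption: session key and cookie name
MAX_AGE = 3 * 60 * 60                 # assumption: sudo lifetime, in seconds


def _sign(token, issued):
    msg = f"{token}:{issued}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def _same(a, b):
    # Constant-time comparison so timing does not leak how much matched.
    return hmac.compare_digest(a.encode(), b.encode())


def grant(session, cookies, now=None):
    """Store a fresh random token in the session and a signed copy in the cookie."""
    issued = int(time.time() if now is None else now)
    token = secrets.token_urlsafe(16)
    session[SUDO_KEY] = token
    cookies[SUDO_KEY] = f"{token}:{issued}:{_sign(token, issued)}"
    return token


def revoke(session, cookies):
    """Drop both halves so an old cookie can no longer match anything."""
    session.pop(SUDO_KEY, None)
    cookies.pop(SUDO_KEY, None)


def has_sudo(session, cookies, now=None):
    """True only for an authentic, unexpired cookie that matches the session token."""
    now = time.time() if now is None else now
    try:
        token, issued, sig = cookies[SUDO_KEY].rsplit(":", 2)
        issued = int(issued)
    except (KeyError, ValueError):
        return False  # cookie missing or malformed
    if not _same(sig, _sign(token, issued)):
        return False  # cookie was forged or modified
    if now - issued > MAX_AGE:
        return False  # sudo window has passed
    return SUDO_KEY in session and _same(token, session[SUDO_KEY])
```

The session and cookie jar are plain dicts here; in a real deployment the cookie should also be marked HttpOnly and Secure.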