i’m completely new to the django eco system, coming from flask.
what i want (and don’t know how to accomplish) is to put some restrictions to a set of urls: x/<uuid>/images
x/<uuid>/imageupload
and others should only work, if uuid
can be found in the database and is still valid.
in flask i would probably use a blueprint, but this concept does not seem to exist in django, right?
what i like about the blueprint concept is, that it’s not possible to add a url under the x/<uuid>
“namespace” and forgetting about the auth mechanism, as this is handled for all urls in the blueprint.
how would you handle this in django?
i’ve already learned about apps and a custom middleware, but this looks quite complicated on first sight? as the middleware always intercepts all requests, and i would have to check on my own if this is a request to x/<uuid>
?
i’ve also looked at existing apps, and django-rq uses the statt_member_required
decorator for each view. i will probably build something like that, but i would be more confident if i could apply this to the whole app, instead of having to decorate each function.
In django you will typically define the url pattern with
uuid
being a keyword path parameter, and in the view code you can useget_object_or_404(Model, uuid=kwargs['uuid'])
. This way the user will see a standard 404 page if they attempt to view a page with uuid that does not exist.Of course, if you use class based views, you can extend detail view based off uuid, and the base class with handle the 404 page for you, so there’ll be no need for
get_object_or_404
. I am assuming you will want to use class based views for this so you can extract the common functionality into a base class or a mixin and reuse it in a number of views.EDIT: I may have misunderstood the question wrong originaly. It looks like you want to bypass authentication for a subset of urls (or views). Authentication is not required by default in django, you can add
LoginRequiredMixin
(or a decorator) to your view, so not including the mixin would be a way to bypass the login requirement. Do you want to share relevant parts of your code for better suited advice?thanks for the fast answer!i think you understood it correctly. i want a public page, but certain things should only be accessed when you created a session/uuid beforehand.
class based views sound interesting. will probably use this. thanks again.
i have to think about, if i can tolerate the uuid being a query parameter of the url… somehow i like the uuid being part of the url better.
never the less. thanks a lot!
yeah it should definitely be part a of the url. It will be if you define a parametrized url. More details in the documentation https://docs.djangoproject.com/en/5.1/topics/http/urls/#url-dispatcher