tags:

views:

444

answers:

3
Q: 

Django middleware to determine user's group in a session

I have an app that uses django.contrib.auth but makes no use of Django's built-in permissions system. Instead, views have the @login_required decorator and then check which group the user belongs to, and follow different branches of code execution within the view depending on the group.

A user can belong to only one group.

Checking for the user's group everytime seems to be too much, so I am trying to write a Django middleware that will let me know the user's group in a session.

Looking at the code below, will my middleware work like I want it to?

class SetGroupMiddleware(object):
    def process_request(self, request):
        check_if_already_set = request.session.get('thegroup', 'notset')
        if check_if_already_set == 'notset':
            if request.user.id: # User is not AnonymousUser
                groups = request.user.groups.all()
                if groups: # actually this will always be True
                    request.session['thegroup'] = str(groups[0].name) # flowchart of the app ensures that the logged in user will only have one group, and that the user will always have a group
            else:
                request.session['thegroup'] = 'nogroup' # for completeness

I then intend to check request.session['thegroup'] where needed.

Need your suggestions and opinions. Is the session safe if handled this way? Will this work at all? I am new at Django, Python, and programming in general.

Thanks.

A: 

It looks approximately correct (not having tested it). One thing to note is that your middleware must occur after django.contrib.sessions.middleware.SessionMiddleware in the MIDDLEWARE_CLASSES list, otherwise the session won't have been setup for you at the time you try to reference it.

Peter Rowell  2009-12-11 20:13:33
So if this goes after the SessioonMiddleware, do I explicitly need to mark the session dirty? Or will the session framework detect and save this information automatically?
gbsmith  2009-12-11 20:18:03
Because you're modifying the session directly, you don't need to explicitly save it. See: http://docs.djangoproject.com/en/dev/topics/http/sessions/#when-sessions-are-saved
Steve Losh  2009-12-11 20:22:35
A: 

In general it looks good. You can make it a bit more Pythonic though:

class SetGroupMiddleware(object):
    def process_request(self, request):
        if 'thegroup' not in request.session:
            if not request.user.is_anonymous():
                groups = request.user.groups.all()
                if groups:
                    request.session['thegroup'] = str(groups[0].name)
            else:
                request.session['thegroup'] = None # for completeness
Steve Losh  2009-12-11 20:21:23
Peter Rowell's answer about the order of middleware was very important, but I'm going to mark your answer as the accepted answer because of how you have refined my (obviously newbie) code.
gbsmith  2009-12-12 05:15:34
Well, if a user starts out as anonymous (which mostly is the case), then with the current code request.session['thegroup'] does not get updated upon login. I will try to debug that and if I can, I'll post it here.
gbsmith  2009-12-14 10:44:10
A: 

Well, as I commented in Steve Losh's answer , that code doesn't work as intended.

I modified it as follows and it seems to be OK till now: - 

class SetGroupMiddleware(object):
    def process_request(self, request):
        if not request.user.is_anonymous():
            if 'thegroup' not in request.session:
                groups = request.user.groups.all()
                if groups:
                    request.session['thegroup'] = str(groups[0].name)
gbsmith  2009-12-14 12:06:09

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django