Use Djangos custom template tags to create beatiful code to check for permissions (and other stuff) in your Django templates.

1. Django
user permissions
in your templates
A nice little Django template tag pattern

2. The task
On the frontend
display an “edit” link
for the owner of an object and
for super users.

3. Version A
{% if user.is_authenticated %}
{% if user.is_superuser %}
<a href="{% url 'my_obj:edit' my_obj.id %}">
Edit object
</a>
{% else %}
{% if my_obj.user == user %}
<a href="{% url 'my_obj:edit' my_obj.id %}">
Edit object
</a>
{% endif %}
{% endif %}
{% endif %}

4. Version A
{% if user.is_authenticated %}
{% if user.is_superuser %}
<a href="{% url 'my_obj:edit' my_obj.id %}">
Edit object
</a>
{% else %}
{% if my_obj.user == user %}
<a href="{% url 'my_obj:edit' my_obj.id %}">
Edit object
</a>
{% endif %}
{% endif %}
{% endif %}

5. Version B
{% if user.is_authenticated and my_obj.user == user or
user.is_superuser %}
<a href="{% url 'my_obj:edit' my_obj.id %}">
Edit object
</a>
{% endif %}

6. Version B
{% if user.is_authenticated and my_obj.user == user or
user.is_superuser %}
<a href="{% url 'my_obj:edit' my_obj.id %}">
Edit object
</a>
{% endif %}

7. Version C
{% if user|can_edit:my_obj %}
<a href="{% url 'my_obj:edit' my_obj.id %}">
Edit object
</a>
{% endif %}

8. Version C
{% if user|can_edit:my_obj %}
<a href="{% url 'my_obj:edit' my_obj.id %}">
Edit object
</a>
{% endif %}
Way better!

9. Version C:
{% if user|can_edit:my_obj %}
<a href="{% url 'my_obj:edit' my_obj.id %}">
Edit object
</a>
{% endif %}

10. The custom template tag
from django import template
register = template.Library()
@register.filter
def can_edit(user, obj):
user_can_edit = False
if user.is_authenticated:
if user.is_superuser:
user_can_edit = True
else:
if obj and obj.user and obj.user == user:
user_can_edit = True
return user_can_edit

11. More applications for this pattern
{% if user|can_delete:my_object %}
{% if user|is_in_group:group %}
{% if event|is_attended_by:user %}
{% if user|has_been_at:place %}
{% if place|is_in_favorites_of:user %}
{% if article|has_been_flagged_by:user %}

12. Thank you for listening!
Anton Pirker
anton@ignaz.at
@antonpirker
Slides
slideshare.net/apirker
Blog post
http://www.anton-pirker.at/django-user-permissions-in-your-
templates/