You can do this using Django middleware with HttpResponseForbidden
. It would look something like this:
from django.shortcuts import HttpResponseForbidden
class ForbiddenMiddleware(object):
"""
Don't give permissions for particular without admin
"""
def process_request(self, request):
if not request.user.is_superuser:
return HttpResponseForbidden("403 Forbidden , you don't have access")
return None
Note: The above middleware applies for all views.
If you want to restrict the check to a particular view, do this:
def my_view(request, ):
if not request.user.is_superuser:
return HttpResponseForbidden("403 Forbidden , you don't have access")
else:
# your render
Update 2020
In Django 3.0, you have to import the HttpReponseForbidden
class from http
, like this:
from django.http import HttpResponseForbidden