I needed an easy way to toggle the entire site to private/authenticated users only
The login required decorator would necessitate editing the code in multiple places constantly, so this is my middleware solution. What are more experienced Django users thoughts, and what could I do to improve, or perhaps use an entirely different method.
To toggle this on and off, a simple True or False is placed in settings.py after PRIVATE_SITE.
from django.conf import settings
from django.http import HttpResponsedef private_site_toggle(get_response):
“”"
Middleware to control access to a private site.
“”"def middleware(request): """ Check if the site is in private mode and deny access to unauthenticated users. """ # Exclude specific URLs from the private mode check if should_exclude_url(request): return get_response(request) if settings.PRIVATE_SITE and not request.user.is_authenticated: return HttpResponse("Access Denied.", status=403) return get_response(request) return middleware
def should_exclude_url(request):
“”"
Check if the current URL should be excluded from the private mode check.
“”"excluded_urls = [ "/admin/login/", ] for url in excluded_urls: if request.path.startswith(url): return True return False