# Decorators
Django decorators are a powerful feature that allows you to modify the behavior of functions or methods in a clean and reusable way. They are often used for tasks such as authentication, logging, and caching.
Django provides several built-in decorators, and you can also create your own custom decorators. Here are some commonly used Django decorators:
 **Authentication and Permission Decorators**:
 - `@login_required`: Ensures that the user is authenticated before accessing a view. If the user is not authenticated, they are redirected to the login page.
    ```python
    from django.contrib.auth.decorators import login_required
        @login_required
        def my_view(request):
            ...
    ```
 - `@permission_required('app_label.permission_codename')`: Checks if the user has a specific permission before allowing access to a view.
    ```python
    from django.contrib.auth.decorators import permission_required
        @permission_required('myapp.view_mymodel')
        def my_view(request):
            ...
    ```
 - `@user_passes_test(test_func)`: Allows access to a view only if the user passes a given test function.
    ```python
    from django.contrib.auth.decorators import user_passes_test
        def is_in_group(user):
            return user.groups.filter(name='mygroup').exists()
        @user_passes_test(is_in_group)
        def my_view(request):
            ...
    ```
 **HTTP Method Decorators**:
 - `@require_http_methods(["GET", "POST"])`: Restricts access to a view to specific HTTP methods.
    ```python
    from django.views.decorators.http import require_http_methods
        @require_http_methods(["GET", "POST"])
        def my_view(request):
            ...
    ```
 - `@require_GET`: Allows only GET requests to a view.
    ```python
    from django.views.decorators.http import require_GET
        @require_GET
        def my_view(request):
            ...
    ```
 - `@require_POST`: Allows only POST requests to a view.
    ```python
    from django.views.decorators.http import require_POST
        @require_POST
        def my_view(request):
            ...
    ```
 - `@require_safe`: Allows only safe methods (GET and HEAD) to a view.
    ```python
    from django.views.decorators.http import require_safe
        @require_safe
        def my_view(request):
            ...
    ```
 **CSRF Protection Decorators**:
 - `@csrf_protect`: Ensures that a view is protected against Cross-Site Request Forgery (CSRF) attacks.
    ```python
    from django.views.decorators.csrf import csrf_protect
        @csrf_protect
        def my_view(request):
            ...
    ```
 - `@csrf_exempt`: Exempts a view from CSRF protection.
    ```python
    from django.views.decorators.csrf import csrf_exempt
        @csrf_exempt
        def my_view(request):
            ...
    ```
 - `@ensure_csrf_cookie`: Ensures that a CSRF cookie is set on the response.
    ```python
    from django.views.decorators.csrf import ensure_csrf_cookie
        @ensure_csrf_cookie
        def my_view(request):
            ...
    ```
 **Cache Decorators**:
 - `@cache_page(timeout)`: Caches the output of a view for a specified amount of time (in seconds).
    ```python
    from django.views.decorators.cache import cache_page
        @cache_page(60 * 15)  # Cache for 15 minutes
        def my_view(request):
            ...
    ```
 - `@never_cache`: Prevents a view from being cached.
    ```python
    from django.views.decorators.cache import never_cache
        @never_cache
        def my_view(request):
            ...
    ```
 - `@cache_control(**kwargs)`: Allows you to set cache control headers on a view.
    ```python
    from django.views.decorators.cache import cache_control
        @cache_control(no_cache=True, must_revalidate=True)
        def my_view(request):
            ...
    ```
 **Vary Header Decorator**:
 - `@vary_on_headers(*headers)`: Adds Vary headers to the response based on the specified request headers.
    ```python
    from django.views.decorators.vary import vary_on_headers
        @vary_on_headers('User-Agent')
        def my_view(request):
            ...
    ```
 - `@vary_on_cookie(*cookie_names)`: Adds Vary headers to the response based on the specified cookies.
    ```python  
        from django.views.decorators.vary import vary_on_cookie
            @vary_on_cookie('my_cookie')
            def my_view(request):
                ...
    ```

**Compression Decorator**:
 - `@gzip_page`: Compresses the response of a view using Gzip if the client supports it.
    ```python
    from django.views.decorators.gzip import gzip_page
        @gzip_page
        def my_view(request):
            ...
    ```
 **Debug and Security Decorators**:
 - `@sensitive_post_parameters(*parameters)`: Marks certain POST parameters as sensitive so they are not logged.
    ```python
    from django.views.decorators.debug import sensitive_post_parameters
        @sensitive_post_parameters('password', 'credit_card_number')
        def my_view(request):
            ...
    ```
 - `@sensitive_variables(*variables)`: Marks certain variables as sensitive so they are not included in error reports.
    ```python
    from django.views.decorators.debug import sensitive_variables
        @sensitive_variables('secret_key')
        def my_view(request):
            ...
    ```
 **Utility Decorators**:
 - `@require_secure`: Redirects HTTP requests to HTTPS.
    ```python
    from django.views.decorators.security import require_secure
        @require_secure
        def my_view(request):
            ...
    ```
 - `@xframe_options_deny`: Prevents a view from being displayed in a frame or iframe.
    ```python
    from django.views.decorators.clickjacking import xframe_options_deny
        @xframe_options_deny
        def my_view(request):
            ...
    ```
 - `@xframe_options_sameorigin`: Allows a view to be displayed in a frame or iframe only if the origin is the same.
    ```python
    from django.views.decorators.clickjacking import xframe_options_sameorigin
        @xframe_options_sameorigin
        def my_view(request):
            ...
    ```
 - `@xframe_options_exempt`: Exempts a view from X-Frame-Options protection.
    ```python
    from django.views.decorators.clickjacking import xframe_options_exempt
        @xframe_options_exempt
        def my_view(request):
            ...
    ```
 - `@require_fresh_login`: Ensures that the user has recently authenticated before accessing a view.
    ```python
    from django.contrib.auth.decorators import require_fresh_login
        @require_fresh_login
        def my_view(request):
            ...
    ```
 - `@method_decorator`: Used to apply decorators to class-based views.
    ```python
    from django.utils.decorators import method_decorator
        from django.views import View   
        class MyView(View):
            @method_decorator(login_required)
            def get(self, request, *args, **kwargs):
                ...
    ```

## Creating Custom Decorators
You can also create your own custom decorators in Django. Here's a simple example of a custom decorator that logs the execution time of a view:
- In the example below, the @wraps decorator from the functools module is used to preserve the original function's metadata like __name__ , __docstring__ , __module__ etc.
- You can stack multiple decorators on a single view by applying them one after the other, either using the @ syntax or by nesting them.

In [None]:
from django.http import HttpResponse
from django.utils.decorators import method_decorator
import time
from functools import wraps

def log_execution_time(view_func):
    @wraps(view_func)
    def _wrapped_view(request, *args, **kwargs):
        start_time = time.time()
        response = view_func(request, *args, **kwargs)
        end_time = time.time()
        execution_time = end_time - start_time
        print(f"Execution time for {view_func.__name__}: {execution_time} seconds")
        return response
    return _wrapped_view

# Example usage with a function-based view
@log_execution_time
def my_view(request):
    # Simulate a view processing time
    time.sleep(2)
    return HttpResponse("Hello, World!")

# Example usage with a class-based view
from django.views import View

# the name 'dispatch' ensures all HTTP methods are decorated
# other options include decorating individual methods like get, post, etc.
@method_decorator(log_execution_time, name='dispatch')
class MyClassBasedView(View):
    def get(self, request, *args, **kwargs):
        # Simulate a view processing time
        time.sleep(2)
        return HttpResponse("Hello from Class-Based View!") 
    

In [None]:
## A decorator that takes multiple arguments for role-based access control
def role_required(*roles):
    def decorator(view_func):
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs):
            user_role = getattr(request.user, 'role', None)
            if user_role not in roles:
                return HttpResponse("Forbidden", status=403)
            return view_func(request, *args, **kwargs)
        return _wrapped_view
    return decorator

## Example usage of role_required decorator
@role_required('admin', 'editor')
def protected_view(request):
    return HttpResponse("You have access to this view.")

In [None]:
## A decorator that takes multiple arguments for caching with parameters
from django.views.decorators.cache import cache_page

def cache_with_params(timeout, key_prefix=''):
    def decorator(view_func):
        return cache_page(timeout, key_prefix=key_prefix)(view_func)
    return decorator

## Example usage of cache_with_params decorator
@cache_with_params(timeout=60 * 15, key_prefix='my_view_cache_')
def cached_view(request):
    return HttpResponse("This is a cached view.")


## Advanced Decorator Patterns
- Decorator factories
- Conditional decorators
- Decorator composition
- Parameterized decorators
### Example: Decorator Factory

In [None]:
def require_role(role):
    def decorator(view_func):
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs):
            if not hasattr(request.user, 'role') or request.user.role != role:
                return HttpResponse('Forbidden', status=403)
            return view_func(request, *args, **kwargs)
        return _wrapped_view
    return decorator

# Usage
@require_role('admin')
def admin_view(request):
    return HttpResponse('Admin only')

## Monitoring and Debugging Decorators
- Log decorator usage
- Track performance
- Debug decorator chains
### Example: Performance Monitoring Decorator

In [None]:
import logging
import time

logger = logging.getLogger(__name__)

def monitor_performance(view_func):
    @wraps(view_func)
    def _wrapped_view(request, *args, **kwargs):
        start = time.time()
        response = view_func(request, *args, **kwargs)
        duration = time.time() - start
        logger.info(f'{view_func.__name__} took {duration:.2f}s')
        return response
    return _wrapped_view

@monitor_performance
def monitored_view(request):
    time.sleep(1)
    return HttpResponse('Monitored')

## Testing Decorators
- Test decorator behavior
- Mock decorated functions
- Test decorator parameters
### Example: Testing a Decorator

In [None]:
from django.test import TestCase, RequestFactory
from django.contrib.auth.models import User
from django.http import HttpResponse

class DecoratorTest(TestCase):
    def setUp(self):
        self.factory = RequestFactory()
        self.user = User.objects.create_user(username='test', password='test')

    def test_login_required_decorator(self):
        from django.contrib.auth.decorators import login_required
        
        @login_required
        def protected_view(request):
            return HttpResponse('Protected')
        
        # Test unauthenticated request
        request = self.factory.get('/')
        response = protected_view(request)
        self.assertEqual(response.status_code, 302)  # Redirect to login
        
        # Test authenticated request
        request.user = self.user
        response = protected_view(request)
        self.assertEqual(response.status_code, 200)

## Best Practices
- Keep decorators simple and focused
- Use functools.wraps to preserve metadata
- Avoid side effects in decorators
- Document decorator behavior
- Test decorators thoroughly
- Consider performance impact

## Real-World Examples
- Rate limiting
- API versioning
- Feature flags
- A/B testing
### Example: Rate Limiting Decorator

In [None]:
from django.core.cache import cache
from django.http import HttpResponseTooManyRequests
import time

def rate_limit(requests_per_minute=60):
    def decorator(view_func):
        @wraps(view_func)
        def _wrapped_view(request, *args, **kwargs):
            key = f'rate_limit_{request.user.id if request.user.is_authenticated else request.META.get("REMOTE_ADDR")}'
            requests = cache.get(key, [])
            now = time.time()
            # Remove old requests
            requests = [req for req in requests if now - req < 60]
            if len(requests) >= requests_per_minute:
                return HttpResponseTooManyRequests('Rate limit exceeded')
            requests.append(now)
            cache.set(key, requests, 60)
            return view_func(request, *args, **kwargs)
        return _wrapped_view
    return decorator

@rate_limit(requests_per_minute=10)
def api_view(request):
    return HttpResponse('API response')