# Django authentication and authorization

In Django you have different options for restricting parts of your website, or certain functions of it, to specific users or groups of users.

A very simple approach is to restrict access to certain routes to authenticated users and redirect everyone else to the login page. In doing so, one restricts access to the page to users that have an account or password. A login-required middleware can be used for this [10].

Typically, however, one wants to restrict certain functions or content of the website even when a user is logged in, based either on the identity of the user (imagine editing one's profile in a social network) or on a group the user belongs to (such as the group of chatroom admins that may delete posts). Moreover, in many cases one wants to allow guests (who are not authenticated) to access parts of the site.

Django offers different options to achieve this. Here we use the following approach:

1. We use the **login required decorator** to keep guests (no authentication) from accessing certain pages or functions
2. We use **in-template authentication checks to display different content** depending on permissions (authorization)
3. We use **in-method checks for permission-dependent updates of content etc.** (if changes are made in the database or permissions are changed; controller functions)
4. We use **in-template checks for the navigation bar** so that links to pages for authenticated users only are not displayed (see below)

## Login required decorator

The login required decorator is used to limit access for guests.

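```python
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse

@login_required  # guests are redirected to settings.LOGIN_URL
def private_function(request):
    # Do whatever is necessary here
    return HttpResponse("Only visible to logged-in users")
```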

## In-template authentication checks

In your template:

```html
{% if user.is_authenticated %}
<p>{{ user }}</p>
{% endif %}
```

# Sources and further reading:
1. https://stackoverflow.com/questions/3644902/how-to-check-if-a-user-is-logged-in-how-to-properly-use-user-is-authenticated
2. https://www.techiediaries.com/django-form-bootstrap/
3. https://stackoverflow.com/questions/54597938/bootstrap-4-responsive-card-grid-array
4. https://getbootstrap.com/docs/4.1/layout/grid/
5. https://getbootstrap.com/docs/4.3/components/card/
6. https://docs.djangoproject.com/en/3.0/topics/forms/
7. https://github.com/sibtc/django-multiple-user-types-example
8. https://simpleisbetterthancomplex.com/tutorial/2018/01/18/how-to-implement-multiple-user-types-with-django.html
9. https://github.com/wsvincent/django-auth-tutorial
10. https://www.youtube.com/watch?v=DbAzWll4UIA
