6. How to secure your views¶
Chances are that you don’t want to allow your users to browse all views of
the shop as anonymous users. If you set SHOP_FORCE_LOGIN
to True
, your
users will need to login before proceeding to checkout.
When you add your own shipping and payment backends you will want to add this
security mechanism as well. The problem is that the well known
@login_required
decorator will not work on class based views and it will
also not work on functions that are members of a class.
For your convenience we provide three utilities that will help you to secure your views:
6.1. @on_method decorator¶
This decorator can be wrapped around any other decorator. It should be used
on functions that are members of classes and will ignore the first parameter
self
and regard the second parameter as the first instead. More information
can be found here.
Usage:
from shop.util.decorators import on_method, shop_login_required
class PayOnDeliveryBackend(object):
backend_name = "Pay On Delivery"
url_namespace = "pay-on-delivery"
[...]
@on_method(shop_login_required)
def simple_view(self, request):
[...]
6.2. @shop_login_required decorator¶
This decorator does the same as Django’s @login_required decorator
. The only difference is that it checks for the SHOP_FORCE_LOGIN
setting.
If that setting is False
, login will not be required.
6.3. LoginMixin class¶
If you are using class based views for anything related to the shop you can use
shop.util.login_mixin.LoginMixin
to secure your views. More information
on this can be found
here.
We are using a slightly modified version of that
LoginMixin
that makes sure to check for the
SHOP_FORCE_LOGIN
setting.
Usage:
class CheckoutSelectionView(LoginMixin, ShopTemplateView):
template_name = 'shop/checkout/selection.html'
[...]