#36084: Add a `role_required` decorator to Django's authentication system for
role-based access control.
-------------------------------------+-------------------------------------
     Reporter:  H_coder              |                     Type:  New
                                     |  feature
       Status:  new                  |                Component:
                                     |  contrib.auth
      Version:  5.1                  |                 Severity:  Normal
     Keywords:  auth, decorator,     |             Triage Stage:
  feature                            |  Unreviewed
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
 == ''role_required'' decorator:

 Currently, Django provides decorators like **@login_required** and
 **@permission_required** to restrict view access. However, there is no
 built-in support for role-based access control, which is a common
 requirement for many applications.

 This ticket proposes adding a new `role_required` decorator that allows
 developers to restrict access to views based on user roles. The decorator
 will:
 - Check if the user has one or more specified roles.
 - Support both "any role" (`test_all=False`) and "all roles"
 (`test_all=True`) modes.
 - Redirect unauthorized users to the login page or a custom URL.

 This feature will make it easier for developers to implement role-based
 access control without writing custom decorators.

 ==  Example Use Case
 A marketplace application might have roles like `is_seller`, `is_buyer`,
 and `is_admin`. The `role_required` decorator can be used to restrict
 access to specific views:

 {{{
 from django.contrib.auth.decorators import role_required

 @role_required(['is_seller'])
 def seller_dashboard(request):
     # Only users with the 'is_seller' role can access this view.
     pass

 @role_required(['is_admin', 'is_moderator'], test_all=True)
 def admin_dashboard(request):
     # Only users with both 'is_admin' and 'is_moderator' roles can access
     # this view.
     pass
 }}}
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36084>
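One way the behaviour described in the ticket could be built on Django's existing `user_passes_test`, as an added example that is not the patch attached to the ticket. It assumes roles are boolean attributes on the user object; `has_roles`, `_normalize`, `StubUser` and the `login_url` parameter are hypothetical names, and the sample users are constructed.

```python
class StubUser:
    """Constructed stand-in for a user model with boolean role fields."""

    def __init__(self, authenticated=True, **flags):
        self.is_authenticated = authenticated
        self.__dict__.update(flags)


def _normalize(roles):
    # A bare string would otherwise be iterated character by character.
    roles = [roles] if isinstance(roles, str) else list(roles)
    if not roles:
        # all([]) is True, so an empty list would admit everyone in test_all mode.
        raise ValueError("role_required needs at least one role name")
    return roles


def has_roles(user, roles, test_all=False):
    """Return True only when the user holds the required role flags."""
    roles = _normalize(roles)
    if not getattr(user, "is_authenticated", False):
        return False
    # `is True` denies missing attributes, None and bound methods, which a
    # plain truthiness test could mistake for a granted role.
    checks = [getattr(user, role, False) is True for role in roles]
    return all(checks) if test_all else any(checks)


def role_required(roles, test_all=False, login_url=None):
    """Decorator with the ticket's call shape, built on user_passes_test."""
    roles = _normalize(roles)  # fail when the view module loads, not per request
    # Imported here so has_roles() can be tested without Django installed.
    from django.contrib.auth.decorators import user_passes_test

    return user_passes_test(
        lambda user: has_roles(user, roles, test_all), login_url=login_url
    )
```

The predicate fails closed: anonymous users, unknown role names and an empty role list never grant access.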