I was recently a bit frustrated with my choices for locking down a site with Django so that nobody could see it. Well – that’s not tree, I wanted some people to be able to see it. Just not anyone…
After looking around a while, I spotted a solution that used Django Middleware to direct anyone who wasn’t logged in to a registration page. That provided the inspiration for a slightly different solution: I wanted to lock down the site to anyone (accounts or not) except for those folks who came through a beta signup process. I didn’t nessecarily want to “register” those folks with the site – and in fact, the first cut was simply “make them give me a password to get in” sort of thing.
The result was the following code:
First – the middleware: