django-plotly-dash
Django Plotly Dash Authentication
Hi,
We are trying to implement a Dash app into our Django application using Django Plotly Dash. This works well but we are having trouble getting the correct way of handling authentication.
In our Django app we have projects; for each project a separate dashboard is created. The dashboards are uniquely generated with a Python template and configuration settings saved in a separate Django model (e.g. to change the text inside a dashboard based on the project name). A project, and therefore the dashboard, should only be accessible by a specific set of users.
The Dash app is constructed in the corresponding Django view function (it is named "ExampleDashboardApp") and embedded directly into the template: {% plotly_direct name="ExampleDashboardApp" %}. This means the Dash app is accessible via the URL /django_plotly_dash/app/ExampleDashboardApp/ for any user, which also means the data displayed in the app is available here.
Some things we considered:
- Adding a view decorator: this works by checking if the user is logged in, but it is not possible to check whether the user can access the project
- DashApp model: we were thinking about extending this with project information, but could not find where and how the model is created
- Creating a unique name: create an app with a unique name for each user or project and check access this way (for example using the view decorator)
What is the best or intended approach for such a thing? I have looked through the documentation and forum posts but could not find a solution.
Thanks in advance!
@FinntHove have you looked at view decoration - it was added for this sort of fine-grained control.
Thank you for your response. We have indeed looked at view decoration and tested with it. We assumed it is not possible to supply arguments of the view the Dash app is embedded in to the view decorator, or to modify the URL patterns of django dash to, for example, contain the primary key of another model. Is that a correct assumption?
Right now we are thinking about creating a unique app for each project model instance and then checking the access based on the name of slug. Is that also the intended/good approach?
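An added sketch, not part of the thread and not django-plotly-dash's own code, of the last idea above: one app per project, with access checked in a view decorator so that the direct /django_plotly_dash/app/... URLs are denied to non-members. The `project-<pk>` naming convention, `PROJECT_MEMBERS`, `user_can_access_project` and the module path in the final comment are hypothetical; that the app name reaches the view as the `ident` URL keyword is an assumption to confirm against the urls.py of the installed version.

```python
"""Per-project gate for django-plotly-dash views (added example)."""
import re
from functools import wraps

try:
    from django.core.exceptions import PermissionDenied
except ImportError:  # fallback so the sketch also runs without Django installed
    class PermissionDenied(Exception):
        pass

# Assumed naming convention: one Dash app per project, named "project-<pk>".
APP_NAME_RE = re.compile(r"^project-(?P<pk>\d+)$")

# Constructed sample data standing in for a query on a project membership model.
PROJECT_MEMBERS = {1: {"alice"}, 2: {"alice", "bob"}}


def user_can_access_project(user, project_pk):
    """Hypothetical check; replace with a lookup on your own Project model."""
    return user.username in PROJECT_MEMBERS.get(project_pk, set())


def project_access_required(view_function, **kwargs):
    """Decorator taking the view function plus keyword arguments, the shape
    used by django_plotly_dash.access.login_required."""
    @wraps(view_function)
    def wrapper(request, *args, **view_kwargs):
        # Assumption: the dpd URL patterns pass the app name/slug as 'ident'.
        match = APP_NAME_RE.match(str(view_kwargs.get("ident", "")))
        user = getattr(request, "user", None)
        # Fail closed: apps outside the naming convention, anonymous users
        # and users who are not project members are all denied.
        if (match is None or user is None
                or not getattr(user, "is_authenticated", False)
                or not user_can_access_project(user, int(match["pk"]))):
            raise PermissionDenied("no access to this dashboard")
        return view_function(request, *args, **view_kwargs)
    return wrapper

# settings.py (module path is hypothetical):
# PLOTLY_DASH = {"view_decorator": "myproject.dash_access.project_access_required"}
```

Because the decorator wraps every django-plotly-dash view, any app whose name does not follow the convention is denied as well, which is the safe default when dashboards carry project data.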