How to set user access restrictions in Django
first question. Is there a way to set access rights for a function without giving a conditional expression in django template?
Currently, the code below is the code I wrote. If user click the "Click" text, a modal window is created depending on the condition, and if the condition is not met, a message window indicating that you do not have access rights is displayed. However, I think it is unnecessary to enter these conditions every time.
{% if request.user.first_name in class.teacher|split:"/" %}
<div data-toggle="modal" data-target="#relation_{{ class.id }}" class-id="{{ class.id }}">Click</div>
{% else %}
<a onclick="alert('You do not have access rights..');" class="col-form-label col-10 show-whitespace" style="cursor:pointer">Click</a>
{% endif %}
Second question. This example is similar. Through the conditional expression in the template, if the job of the current login account is 'principal', the Principal button is displayed. If it is not the principal job, the Principal button is not displayed on the screen. However, even if it is not a principal, user can connect by entering the '/class/principal/list' url directly. Is there a workaround?
{% if job_title == 'principal' %}
<a class="btn nav-link nav-link-button" href="/class/principal/list">
<span>principal</span>
</a>
{% else %}
<a class="btn nav-link disabled nav-link-button" href="/class/principal/list">
<span>principal</span>
</a>
{% endif %}