Role-based access control for Django, without the extra database tables.
django-minosse lets you define roles as Python classes, sync them to Django's built-in
Group model, and protect views with decorators or mixins — all on top of the
django.contrib.auth machinery you already have.
- Python 3.12+
- Django 5.0+
pip install django-minosseor with uv:
uv add django-minosseAdd "minosse" to INSTALLED_APPS, alongside the standard auth and contenttypes
apps that are already present in every Django project:
INSTALLED_APPS = [
...
"django.contrib.auth",
"django.contrib.contenttypes",
"minosse",
...
]Run python manage.py migrate at least once so the auth tables exist before calling
sync() or get_group().
# myapp/roles.py
from minosse.roles import AbstractRole, RoleRegistry
registry = RoleRegistry()
@registry.register
class EditorRole(AbstractRole):
group_name = "Editors"
available_permissions = {
"can_publish": True,
"can_edit": True,
"can_delete": False,
}
@registry.register
class ViewerRole(AbstractRole):
group_name = "Viewers"
available_permissions = {
"can_view_reports": True,
}from myapp.roles import registry
registry.sync() # call from a management command or AppConfig.ready()Function-based views:
from django.contrib.auth.decorators import login_required
from minosse.decorator import role_required, permission_required
from .roles import EditorRole
@login_required
@role_required(EditorRole)
def editor_dashboard(request):
...
@login_required
@permission_required("auth.can_publish")
def publish_article(request, pk):
...Class-based views:
from django.views.generic import TemplateView
from minosse.mixin import RoleRequiredMixin, PermissionRequiredMixin
from .roles import EditorRole
class EditorDashboardView(RoleRequiredMixin, TemplateView):
required_role_class = EditorRole
template_name = "editor/dashboard.html"
class PublishView(PermissionRequiredMixin, TemplateView):
required_permission_codename = "auth.can_publish"
template_name = "editor/publish.html"# Assign / remove
EditorRole.add_user_to_role(user)
EditorRole.remove_user_from_role(user)
# Check
if EditorRole.user_has_role(user):
...- Define roles as Python classes with declarative permission sets
- Sync roles and permissions to Django's
Group/Permissionmodels - Protect function-based views with
@role_requiredand@permission_required - Protect class-based views with
RoleRequiredMixinandPermissionRequiredMixin - Check roles and permissions in templates with
|canand|isfilters - Register roles centrally via
RoleRegistryfor bulk sync
Full documentation is available in the docs/ directory and can be served locally:
make docs-serveMIT