A tool to analyze your Django app access control

Project description

Django Access Inspector

Django Access Inspector is a comprehensive access control app for Django that helps you enforce fine-grained access control on your views. It provides a flexible and easy-to-use interface to check and analyze authentication and permission classes for each view in your Django project.

Installation

To install Django Access Inspector, you can use pip, poetry, or uv. Here are the commands:

pip install django-access-inspector
poetry add django-access-inspector
uv add django-access-inspector

After installing, make sure to add "django_access_inspector" to your INSTALLED_APPS setting in your Django project's settings.py file:

INSTALLED_APPS = [
    ...,
    "django_access_inspector",
]

Usage

Basic Usage

To run Django Access Inspector, use the following command:

python manage.py inspect_access_control

By default, the command prints human-readable output. For JSON output, pass the --output json flag:

python manage.py inspect_access_control --output json

CI Mode

Django Access Inspector supports a CI mode that helps ensure your application's access control remains secure over time. This mode uses snapshots to track the current state of your endpoints and fails if new unauthenticated or unchecked endpoints are introduced.

Generating a Snapshot

First, generate a baseline snapshot of your current access control state:

python manage.py inspect_access_control --snapshot baseline.json

This will save the current state of all your endpoints to a JSON file.

Running in CI Mode

In your CI pipeline, use the snapshot to validate that no new security issues have been introduced:

python manage.py inspect_access_control --ci --snapshot baseline.json

The command will:

  • Compare the current analysis with the saved snapshot
  • Exit with code 0 if no new security issues are found
  • Exit with code 1 if new unauthenticated or unchecked endpoints are detected
  • Display detailed information about any changes found

This is particularly useful in CI/CD pipelines to prevent introducing new security vulnerabilities.
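
The comparison that CI mode performs, sketched as an added example (not the project's own code). The data layout used here, a mapping from category to a list of endpoint names, and the endpoint names themselves are assumptions made for illustration; the snapshot file the tool writes may be structured differently.

```python
import json

# Categories that CI mode treats as failures when they gain new endpoints.
RISKY = ("unauthenticated", "unchecked")

# Constructed sample data. The layout (category -> list of endpoint names) is an
# assumption for illustration, not the snapshot format the tool writes.
BASELINE = json.loads("""
{
  "authenticated": ["api:orders", "api:profile"],
  "unauthenticated": ["health"],
  "unchecked": ["legacy:export"]
}
""")
CURRENT = json.loads("""
{
  "authenticated": ["api:orders"],
  "unauthenticated": ["health", "api:profile"],
  "unchecked": ["legacy:export", "api:reports"]
}
""")


def new_risky_endpoints(baseline, current):
    """Return {category: sorted endpoints} that are risky now but were not
    recorded in that category in the baseline."""
    findings = {}
    for category in RISKY:
        known = set(baseline.get(category, []))
        added = set(current.get(category, [])) - known
        if added:
            findings[category] = sorted(added)
    return findings


def ci_exit_code(baseline, current):
    """0 when nothing new is risky, 1 otherwise (same convention as above)."""
    return 1 if new_risky_endpoints(baseline, current) else 0


if __name__ == "__main__":
    for category, endpoints in new_risky_endpoints(BASELINE, CURRENT).items():
        for name in endpoints:
            print(f"NEW {category}: {name}")
    raise SystemExit(ci_exit_code(BASELINE, CURRENT))
```

In this model, "health" and "legacy:export" pass because the baseline already records them, while "api:profile" is flagged because it moved from authenticated to unauthenticated. A baseline therefore accepts whatever it contains, so review it when it is first committed and each time it is regenerated.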

Debug Mode

When you need to troubleshoot authentication detection issues, you can enable detailed debug logging:

python manage.py inspect_access_control --debug

Debug mode provides detailed information about:

  • URL pattern extraction process
  • View function discovery and analysis
  • Authentication and permission detection logic
  • Categorization decisions for each endpoint
  • Detailed analysis of Django and DRF authentication mechanisms

This helps you understand why certain endpoints might be categorized as "unchecked" and allows you to verify that the tool correctly identifies your authentication setup.

Example

[Image: CLI example output]

Here's an interpretation of the output:

  • Unchecked views: Views that Django Access Inspector was not able to check. As the tool is still a work in progress, we aim to make it check all views in the future.
  • Model Admin views: Views generated by Django Admin that are checked with the Django Admin permission system.
  • Views: All views that Django Access Inspector was able to check, including their authentication and permission classes.

Coding Agent Integration

Django Access Inspector can be used with coding agents (Claude Code, Cursor, etc.) via a bundled skill or directly through the CLI.

Using the django-access-audit Skill

A ready-to-use Claude Code skill is included in docs/skills/django-access-audit/. Copy it into your project:

cp -r docs/skills/django-access-audit/ .claude/skills/django-access-audit/

Then invoke the skill from your coding agent to get a structured security audit of your endpoints.

Using the CLI Directly

Coding agents can also use the CLI command directly to get JSON output:

python manage.py inspect_access_control --output json

The JSON output includes authenticated, unauthenticated, unchecked, and admin endpoints with their permission and authentication classes. Agents can parse and analyze this output to provide security recommendations.

Migrating from MCP Server

The MCP server (start_mcp_server command) was removed in v0.5.0. If you previously used the MCP server:

  1. Remove any MCP server configuration from your editor
  2. Use the django-access-audit skill or the CLI command directly instead
  3. The fastmcp dependency is no longer required

Download files

Source Distribution

django_access_inspector-0.5.0.tar.gz (34.5 kB)

Uploaded Source

Built Distribution

django_access_inspector-0.5.0-py3-none-any.whl (46.9 kB)

Uploaded Python 3

File details

Details for the file django_access_inspector-0.5.0.tar.gz.

File metadata

  • Download URL: django_access_inspector-0.5.0.tar.gz
  • Size: 34.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/5.1.1 CPython/3.14.2

File hashes

Hashes for django_access_inspector-0.5.0.tar.gz
Algorithm Hash digest
SHA256 2ac992dac47056f37d4be12c3e490f9b7e03fcd93a50f9222004a42afff4b634
MD5 84f0b235c374338ed4782edad6d4de4f
BLAKE2b-256 66313f70cec37f8dbe9e22adcd60d77407c952f1174c037cc314df582b6db194

File details

Details for the file django_access_inspector-0.5.0-py3-none-any.whl.

Hashes for django_access_inspector-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 de37a5eebe02ed3977e6a0ebd5fd2de59b859fdc773ee6d6a9683d96d2e377df
MD5 374d66d9f7fab46030fafc6934071e2d
BLAKE2b-256 157b0d6342e944fa315d76584705452d78385d84b2757355951336028c82b01b
