Skip to main content

A django application that associates Groups with Terms requiring consent from logged in members.

Project description

Build Status Coverage Status Updates Code style: black

Python Versions Django Versions Database Window Functions

Let's Agree


  • Terms versioning in "deque-style" with maxlen=1.
  • Per-Group Term association, per-User Term acceptance for each Group a user belongs to.
  • Max 1 query, either per request or per day for each logged-in user.
  • Multi-language ready.
  • Freedom for each user to withdraw consent at any time.


django-letsagreeis the result of an effort to follow the spirit of The EU General Data Protection Regulation (GDPR).

A logged in user can belong to one or more Groups.

If one or more Groups are associated with django-letsagree, all users that login as members of those Groups will be asked to provide their consent to the Terms related with each Group. This action, will be recorded in the database.

The Terms associated with a Group, can be updated with newer versions.

Such a decision will trigger again the mechanism which asks for the consent of each user before allowing any other operation on the site.

If the user does not provide consent, the following actions are only allowed:

  • Logout.
  • View and delete all instances of own consent provided.
  • View all Terms



  1. pip install django-letsagree

  2. project/

        'letsagree.middleware.LetsAgreeMiddleware',  # Near the end of the list
  3. <project> is the name of the project that hosts django-letsagree


        'letsagree': '<project>.3p_migrations.letsagree',
  4. Make sure LANGUAGES are properly set as explained in the Translation section. The default implementation will create as many fields as the number of LANGUAGES Django has set by default.

  5. project/

    urlpatterns = [
            path('path/to/letsagree/', include('letsagree.urls')),
  6. Create the migrations:

    ./ makemigrations letsagree
    ./ migrate

Notes on installation

  • django-letsagree itself does not come with any migrations. It is recommended that you add migrations for its models in your project and avoid using the word migrations as the name of the folder.

    The relevant Django setting is MIGRATION_MODULES. In the above example, we store migrations inside <project>/<project>/3p_migrations.


Default Settings

LETSAGREE_LOGOUT_APP_NAME = ''  (Deprecated -> default value was 'admin')
LETSAGREE_LOGOUT_URL = 'admin:logout'

Database queries

The middleware generates one database query per request in order to make sure that the user has agreed to all the terms related with the Group(s) he belongs to.

If LETSAGREE_CACHE = True, Django's Cache Framework will be used and only one database query will be generated by the middleware, every 24 hours.

LETSAGREE_CACHE is not enabled by default, because it exposes the unique id for each user by creating a cache record with key 'letsagree-<user id>'.

Tip: nshafer/django-hashid-field, is a library that obscures unique ids, without compromising their uniqueness.

Update: ericls/django-hashids is another non-intrusive library that proxies the field that is applied to.

Both libraries, however, are based on which is not capable of encrypting sensitive data.


Watch your LANGUAGES!


By default lestagree installs django-translated-fields to cater for translating the title, summary and content fields of the Term model. This library will create separate fields for each entry in the LANGUAGES list.

The first entry of this list is considered as the "default language". The relevant database field is marked as blank=False and it serves as a fallback value. This value is returned if an entry for the requested language does not exist.

All other fields that are related with the rest of the languages in the LANGUAGES list are marked as blank=True and can stay empty.

Although the LANGUAGE_CODE setting is not directly related with letsagree or django-translated-fields it is strongly recommended to match the first language in the LANGUAGES setting.


LANGUAGES = (('fr', 'French'), ('en', 'English'))

The model Term will include the following fields:

    'title_fr': {'blank': False},
    'title_en': {'blank': True},
    'summary_fr': {'blank': False},
    'summary_en': {'blank': True},
    'content_fr': {'blank': False},
    'content_en': {'blank': True},


All strings in django-letsagree are marked with one of the following ways which allow translation:

  • django.utils.translation.gettext_lazy('<string>')
  • {% trans "<string>" %}

Custom Form Assets

django-letsagree usesletsagree/pending.html template which extends admin/index.html. Through a FormView this template receives a Formset which includes all the Terms that should receive consent from the user.

LETSAGREE_CSS and LETSAGREE_JS when set, pass the relevant assets in the Media class of the Form that serves as the basis of the above mentioned Formset. The syntax is described in the relevant django documentation.

A good starting point could be the default css file provided by django-letsagree:

LETSAGREE_CSS = {'all': ('letsagree/letsagree.css',)}

Of course, one can completely override the templates.

In that case, bear in mind that if {{ empty_form }} is False, {{ form }} contains a formset.

Other settings

  • LETSAGREE_LOGOUT_URL: String that represents a namespaced URL.

    For example: 'admin:logout' is the default, it can be any string. If the url is not found, it fails silently resulting in the disappearance of the logout option.

  • LETSAGREE_BROWSER_TITLE: A title for the default template.

  • LETSAGREE_BORDER_HEADER: Text that will appear on the top left corner of the default template.


It is your responsibility to assign every new user to a Group associated with django-letsagree. This group should at least include the delete_notarypublic permission in case a user whishes to revoke his consent.

If all permissions for django-letsagree models are delegated to a group, the below table illustrates what actions are allowed for user, with either is_staff == True or is_superuser == True:

Actions superuser own entries superuser other entries admin-user own entries admin-user other entries
view_term True True True True
add_term True True
change_term False False False False
delete_term False False False False
view_notarypublic True True True False
add_notarypublic False False
change_notarypublic False False False False
delete_notarypublic True False True False

Term changelist contents

Users who have permission to add a new term, are allowed to read all the available terms. Otherwise, each user can only read the terms related to the group that he or she belongs to.

New Term Version

If two instances of Term associate with the same Group, the instance saved-last is the latest version. All logged in users have to provide consent for this latest version, independently of any previous consent they may have or have not given for the Terms associated with this Group.

django-letsagree takes into account if a logged-in user has provided consent only for the latest version of each Term associated with the Groups he belongs to. If not, the user can only logout or visit django-letsagree admin page retaining the right to delete any instances of consent he has provided.


To run the test suite, you need:

  • Virtualenv with tox installed.
  • PostgreSQL, MariaDB/MySQL databases with the same user, password, database name.
  • The following environment variables set: TOX_DB_NAME, TOX_DB_USER, TOX_DB_PASSWD.

Unfortunatelly, the test suite is rather complicated. Sorry!

Coverage: Not tested


1.1.9: Added support for Django-4.1 started testing for python-3.11.

1.1.8: Added support for Django-4.0 started testing for python-3.10, stopped testing for python-3.6 and python-3.7 (not supported by Django-4.0).

1.1.7: Added default_auto_field value to 'django.db.models.AutoField' for Django-3.2.

1.1.6: Fixed compatibility with Django-3.1

1.1.5: Fixed bug in LETSAGREE_LOGOUT_URL setting.


1.1.3: Locked to Django-3.0 until #39 is resolved

1.1.2: Added the ability to set a namespaced url in the "logout application name" setting.

1.1.1: AnonymousUser should not access letsagree urls (receives 404)

1.1.0: Refactored middleware for thread-safety

1.0.4: Added support for Django-3.0, dropped support for Django-2.1

1.0.3: Only users with add_perm can see all the Terms in changelist

1.0.2: Addressed codacy reports, updated readme, installed pyup, snyk

1.0.1: Added Travis, Coverage, LGTM, PyUp CI

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release. See tutorial on generating distribution archives.

Built Distribution

django_letsagree-1.1.9-py3-none-any.whl (19.4 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page