Skip to main content

Disable Django database writes.

Project description

https://img.shields.io/github/workflow/status/adamchainz/django-read-only/CI/master?style=for-the-badge https://img.shields.io/pypi/v/django-read-only.svg?style=for-the-badge https://img.shields.io/badge/code%20style-black-000000.svg?style=for-the-badge pre-commit

Disable Django database writes.

Requirements

Python 3.6 to 3.9 supported.

Django 2.2 to 3.1 supported.


Are your tests slow? Check out my book Speed Up Your Django Tests which covers loads of best practices so you can write faster, more accurate tests.


Installation

Install with pip:

python -m pip install django-read-only

Then add to your installed apps:

INSTALLED_APPS = [
    ...,
    "django_read_only",
    ...
]

Usage

In your settings file, set DJANGO_READ_ONLY to True and all data modification queries will cause an exception:

$ DJANGO_READ_ONLY=1 python manage.py shell
...
>>> User.objects.create_user(username="hacker", password="hunter2")
...
DjangoReadOnlyError(...)

For convenience, you can also control this with the DJANGO_READ_ONLY environment variable, which will count as True if set to anything but the empty string. The setting takes precedence over the environment variable.

During a session with DJANGO_READ_ONLY set on, you can re-enable writes by calling enable_writes():

>>> import django_read_only
>>> django_read_only.enable_writes()

Writes can be disabled with disable_writes():

>>> django_read_only.disable_writes()

To temporarily allow writes, use the temp_writes() context manager / decorator:

>>> with django_read_only.temp_writes():
...      User.objects.create_user(...)

Note that writes being enabled/disabled is global state, affecting all threads and asynchronous coroutines.

How it Works

The most accurate way to prevent writes is to connect as a separate database user with only read permission. However, this has limitations - Django doesn’t support modifying the DATABASES setting live, so sessions would not be able to temporarily allow writes.

Instead, django-read-only uses always installed database instrumentation to inspect executed queries and only allow those which look like reads. It uses a “fail closed” philosophy, so anything unknown will fail, which should be fairly reasonable.

Because django-read-only uses Django database instrumentation, it cannot block queries running through the underlying database connection (accesses through django.db.connection.connection), and it cannot filter operations within stored procedures (which use connection.callproc()). These are very rare in practice though, so django-read-only’s method works well for most projects.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

django-read-only-1.2.0.tar.gz (12.5 kB view hashes)

Uploaded Source

Built Distribution

django_read_only-1.2.0-py3-none-any.whl (5.3 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page