{"id":6593,"library":"django-crum","title":"Django-CRUM","description":"Django-CRUM (Current Request User Middleware) captures the current request and user in thread local storage. It enables Django applications to check permissions, capture audit trails, or access the current request and user without requiring the request object to be passed directly. It also provides a context manager for temporarily impersonating another user. The current version is 0.7.9, released on November 10, 2020, and it is tested against various Django versions from 1.11 up to 4.0, and Python versions from 3.4 to 3.9.","status":"maintenance","version":"0.7.9","language":"en","source_language":"en","source_url":"https://github.com/ninemoreminutes/django-crum/","tags":["django","middleware","request","user","authentication","authorization","thread-local"],"install":[{"cmd":"pip install django-crum","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core framework dependency; django-crum is a Django middleware.","package":"Django"}],"imports":[{"symbol":"CurrentRequestUserMiddleware","correct":"from crum import CurrentRequestUserMiddleware"},{"symbol":"get_current_request","correct":"from crum import get_current_request"},{"symbol":"get_current_user","correct":"from crum import get_current_user"},{"symbol":"impersonate","correct":"from crum import impersonate"}],"quickstart":{"code":"# settings.py\nMIDDLEWARE = [\n    # ... other middleware ...\n    'crum.CurrentRequestUserMiddleware',\n    # ... other middleware that might need request/user ...\n]\n\n# myapp/models.py (example)\nfrom django.db import models\nfrom django.conf import settings\nfrom crum import get_current_user, get_current_request, impersonate\n\nclass AuditModel(models.Model):\n    created_at = models.DateTimeField(auto_now_add=True)\n    created_by = models.ForeignKey(\n        settings.AUTH_USER_MODEL, \n        on_delete=models.SET_NULL, \n        null=True, \n        blank=True,\n        related_name='created_%(class)ss'\n    )\n    last_modified_at = models.DateTimeField(auto_now=True)\n    last_modified_by = models.ForeignKey(\n        settings.AUTH_USER_MODEL, \n        on_delete=models.SET_NULL, \n        null=True, \n        blank=True,\n        related_name='modified_%(class)ss'\n    )\n    request_ip = models.GenericIPAddressField(null=True, blank=True)\n\n    def save(self, *args, **kwargs):\n        user = get_current_user()\n        request = get_current_request()\n        \n        if not self.pk: # Object is being created\n            if user and user.is_authenticated:\n                self.created_by = user\n        \n        # Always update last_modified_by\n        if user and user.is_authenticated:\n            self.last_modified_by = user\n        \n        # Capture IP address from request if available\n        if request:\n            self.request_ip = request.META.get('REMOTE_ADDR')\n\n        super().save(*args, **kwargs)\n\n    class Meta:\n        abstract = True\n\nclass MyItem(AuditModel):\n    name = models.CharField(max_length=255)\n\n    def __str__(self):\n        return self.name\n\n# Example of impersonation (e.g., in a background task or management command)\n# from django.contrib.auth import get_user_model\n# User = get_user_model()\n# special_user = User.objects.get(username='system_user') # An existing user\n# with impersonate(special_user):\n#    new_item = MyItem.objects.create(name='Automated Report')\n#    print(f\"Item '{new_item.name}' created by: {new_item.created_by.username}\")","lang":"python","description":"To use django-crum, first install the package. Then, add `CurrentRequestUserMiddleware` to your Django project's `MIDDLEWARE` setting. You can then import and use `get_current_request()`, `get_current_user()`, or the `impersonate()` context manager within your application code, for example, in model `save` methods or custom logic, to access the current request or user."},"warnings":[{"fix":"Thoroughly test django-crum within your specific Django and Python environment. Consider forking and maintaining compatibility if official updates are not released.","message":"The latest release (0.7.9) is from November 2020. While it explicitly mentions testing up to Django 4.0, newer Django versions (like 5.x, 6.x) and Python versions (3.10+) might not be fully supported or tested, which could lead to unexpected behavior or require manual compatibility adjustments.","severity":"gotcha","affected_versions":"<0.7.9 for recent Django/Python versions"},{"fix":"Understand the implications of thread-local storage in your deployment environment. For ASGI applications, ensure proper context propagation mechanisms are in place or consider alternative approaches if `django-crum` exhibits unexpected behavior.","message":"Django-CRUM relies on Python's thread-local storage to capture the current request and user. This approach is primarily designed for traditional WSGI (synchronous) environments. In modern asynchronous (ASGI) Django applications or highly concurrent multi-threaded setups, relying solely on thread-local storage without careful consideration of task/thread boundaries can lead to incorrect context or race conditions.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Monitor the GitHub repository for activity. If critical bugs or security vulnerabilities arise, be prepared to contribute fixes or seek alternative solutions.","message":"The project is still classified as 'Development Status :: 4 - Beta' on PyPI and has not seen a new release since November 2020. This indicates that it might not be actively maintained for new features or prompt bug fixes, and future breaking changes are possible (though less likely given its current maintenance state).","severity":"deprecated","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-15T00:00:00.000Z","next_check":"2026-07-14T00:00:00.000Z","problems":[]}