Django-CRUM

0.7.9 · maintenance · verified Wed Apr 15

Django-CRUM (Current Request User Middleware) captures the current request and user in thread local storage. It enables Django applications to check permissions, capture audit trails, or access the current request and user without requiring the request object to be passed directly. It also provides a context manager for temporarily impersonating another user. The current version is 0.7.9, released on November 10, 2020, and it is tested against various Django versions from 1.11 up to 4.0, and Python versions from 3.4 to 3.9.

Warnings

gotcha The latest release (0.7.9) is from November 2020. While it explicitly mentions testing up to Django 4.0, newer Django versions (like 5.x, 6.x) and Python versions (3.10+) might not be fully supported or tested, which could lead to unexpected behavior or require manual compatibility adjustments.
Fix: Thoroughly test django-crum within your specific Django and Python environment. Consider forking and maintaining compatibility if official updates are not released.
gotcha Django-CRUM relies on Python's thread-local storage to capture the current request and user. This approach is primarily designed for traditional WSGI (synchronous) environments. In modern asynchronous (ASGI) Django applications or highly concurrent multi-threaded setups, relying solely on thread-local storage without careful consideration of task/thread boundaries can lead to incorrect context or race conditions.
Fix: Understand the implications of thread-local storage in your deployment environment. For ASGI applications, ensure proper context propagation mechanisms are in place or consider alternative approaches if `django-crum` exhibits unexpected behavior.
deprecated The project is still classified as 'Development Status :: 4 - Beta' on PyPI and has not seen a new release since November 2020. This indicates that it might not be actively maintained for new features or prompt bug fixes, and future breaking changes are possible (though less likely given its current maintenance state).
Fix: Monitor the GitHub repository for activity. If critical bugs or security vulnerabilities arise, be prepared to contribute fixes or seek alternative solutions.

Install

pip install django-crum Install stable version

Imports

CurrentRequestUserMiddleware

from crum import CurrentRequestUserMiddleware

get_current_request
```
from crum import get_current_request
```
get_current_user
```
from crum import get_current_user
```
impersonate
```
from crum import impersonate
```

Quickstart

To use django-crum, first install the package. Then, add `CurrentRequestUserMiddleware` to your Django project's `MIDDLEWARE` setting. You can then import and use `get_current_request()`, `get_current_user()`, or the `impersonate()` context manager within your application code, for example, in model `save` methods or custom logic, to access the current request or user.

# settings.py
MIDDLEWARE = [
    # ... other middleware ...
    'crum.CurrentRequestUserMiddleware',
    # ... other middleware that might need request/user ...
]

# myapp/models.py (example)
from django.db import models
from django.conf import settings
from crum import get_current_user, get_current_request, impersonate

class AuditModel(models.Model):
    created_at = models.DateTimeField(auto_now_add=True)
    created_by = models.ForeignKey(
        settings.AUTH_USER_MODEL, 
        on_delete=models.SET_NULL, 
        null=True, 
        blank=True,
        related_name='created_%(class)ss'
    )
    last_modified_at = models.DateTimeField(auto_now=True)
    last_modified_by = models.ForeignKey(
        settings.AUTH_USER_MODEL, 
        on_delete=models.SET_NULL, 
        null=True, 
        blank=True,
        related_name='modified_%(class)ss'
    )
    request_ip = models.GenericIPAddressField(null=True, blank=True)

    def save(self, *args, **kwargs):
        user = get_current_user()
        request = get_current_request()
        
        if not self.pk: # Object is being created
            if user and user.is_authenticated:
                self.created_by = user
        
        # Always update last_modified_by
        if user and user.is_authenticated:
            self.last_modified_by = user
        
        # Capture IP address from request if available
        if request:
            self.request_ip = request.META.get('REMOTE_ADDR')

        super().save(*args, **kwargs)

    class Meta:
        abstract = True

class MyItem(AuditModel):
    name = models.CharField(max_length=255)

    def __str__(self):
        return self.name

# Example of impersonation (e.g., in a background task or management command)
# from django.contrib.auth import get_user_model
# User = get_user_model()
# special_user = User.objects.get(username='system_user') # An existing user
# with impersonate(special_user):
#    new_item = MyItem.objects.create(name='Automated Report')
#    print(f"Item '{new_item.name}' created by: {new_item.created_by.username}")

view raw JSON →