security_utils

Functions

app_label_from_module(→ str | None)	Resolve a Django app label from a module path.
is_globally_allowed(→ bool)	Global allow semantics:
is_unauthenticated_allowed(→ bool)	Unauthenticated allowlist semantics (separate from is_globally_allowed):
is_allowed_by_spec(→ bool)	General allowlist semantics:

app_label_from_module

app_label_from_module(module_name: str) → str | None

Resolve a Django app label from a module path. Uses apps.get_containing_app_config with a light fallback.

is_globally_allowed

is_globally_allowed(global_allow_spec, hx_app: str | None, hx_name: str) → bool

Global allow semantics:

• list-form: any Hx from listed apps is globally allowed

• dict-form: only listed Hx names (or __all__) from that app are globally allowed

is_unauthenticated_allowed

is_unauthenticated_allowed(spec, hx_app: str | None, hx_name: str | None) → bool

Unauthenticated allowlist semantics (separate from is_globally_allowed):

• list/tuple/set: any Hx from listed apps is allowed unauthenticated

• dict:

  app -> “__all__” # all Hx in that app app -> [“HxNameA”, “HxNameB”] # only these Hx names in that app

is_allowed_by_spec

is_allowed_by_spec(allow_spec, hx_app: str | None, hx_name: str) → bool

General allowlist semantics:

• list/tuple/set: any Hx from listed apps is allowed

• dict:

  app -> “__all__” # all Hx in that app app -> [“HxNameA”, “HxNameB”] # only these Hx names in that app