How to disable HTML view with django?

Question

Imagine you are using django guardian for some object level restrictions.

Now I have the following code; admin.py

class ControlAdmin(GuardedModelAdmin):
    prepopulated_fields = {"description": ("title",)}
    list_display = ('title', 'description', 'priority')
    search_fields = ('title', 'description')
    ordering = ('-title',)

Now I have selected in the database that user maxdh has no permissions for viewing a control, which checks out:

>>> control = Control.objects.first()
>>> checker = ObjectPermissionChecker(maxdh)
>>> checker.has_perm('change_control', control)
False
>>> checker.has_perm('view_control', control)
False

However when I go to the html which renders the table for the controls I can still see the table:

html:

    <div class="card-body">
        <div class="card-body">
            {% load django_tables2 %}
            {% render_table controls %}

What am I is missing?

I read the docs but could not identify

Please help!

Answer 1

Tried the following:

    {% load guardian_tags %}
    {% get_obj_perms request.user for Control as "control_perms" %}
    {% if "view_control" in control_perms %}
    <div class="card-body">
        <div class="card-body">
            {% load django_tables2 %}
            {% render_table controls %}
        </div>
    {% endif %}

However leads to

VariableDoesNotExist at /control/control
Failed lookup for key [Control] in [{'True': True, 'False': False, 'None': None}, {}, {}, {'paginator': None, 'page_obj': None, 'is_paginated': False, 'object_list': <SoftDeleteQuerySet [<Control: Go-live approval>]>, 'control_list': <SoftDeleteQuerySet [<Control: Go-live approval>]>, 'filter': <django_filters.filterset.ControlFilterSet object at 0x000002B9C2C8FE08>, 'form': <ControlForm bound=False, valid=False, fields=(title;description;activity;type;frequency;owner;reviewer1;reviewer2;priority;reviewer1_r;reviewer2_r;status;process;risk;bu;application;referencenumber)>, 'view': <app.views.ControlView object at 0x000002B9C2BAA948>, 'table': <django_tables2.tables.ControlAutogeneratedTable object at 0x000002B9C2D3D148>, 'controls': <SoftDeleteQuerySet [<Control: Go-live approval>]>}]