mixins.py

from django import forms
from django.http import HttpResponseForbidden

from employees.models import Employee

class PinForm(forms.Form):
    number = forms.CharField(max_length=4)
    pin = forms.CharField(max_length=4)

    def check_authentication(self):
        """ Assumes the form is baseline valid, and tries to look up an Employee object. """
        try:
            Employee.objects.get(**self.cleaned_data)
        except Employee.DoesNotExist:
            return False
        else:
            return True


class PinAuthenticatedMixin(object):
    """ Receives posted PIN login data and decides if it matches an Employee. """

    def post(self, request, *args, **kwargs):
        form = PinForm(request.POST)
        if form.is_valid() and form.check_authentication():
            return super(PinAuthenticatedMixin, self).post(request, *args, **kwargs)
            
        return HttpResponseForbidden()

    def get_context_data(self, **kwargs):
        context = super(PinAuthenticatedMixin, self).get_context_data(**kwargs)
        context['pin_form'] = PinForm()
        return context
        

# In action:
class MyView(PinAuthenticatedMixin, TemplateView):
    template_name = "something.html"