Django

Django + Dash, secure, no Enterprise license - not at all?

Something I sit and stupid.

There is a site on Django with authentication, differentiation of access rights and other joys. There is a desire to embed a dashboard into it, and also with limited access. There is Dash, on which you can make such a dashboard, but it has flask "inside". To make them friends with each other, the documentation suggests an iframe, but I need to 100% cut off access for everyone except a certain group of users (the information is financial, everyone does not need to see it). They promise secure embedding in the Enterprise version, but they won't give me money for it.

So far, the only thing that came to mind was to do the iframe, but pull the data for it from the Django part via REST and give it there only via @login_required and checking rights, but I strongly doubt that such a request will go on behalf of the logged in user (yes, I I'm not well versed in web technologies, this is not my main job, unfortunately).

Can you suggest where to dig? Or won't it work? Now the choice is to deal with Dash or immediately look for other options and do not want to waste time kicking a dead horse.

Thanks in advance.