Ticket #4376: django.contrib.auth.decorators.4.diff

File django.contrib.auth.decorators.4.diff, 9.6 KB (added by steven.bethard@…, 8 years ago)

Patch against revision 6364. This should now apply cleanly.

  • django/contrib/auth/decorators.py

     
    88    redirecting to the log-in page if necessary. The test should be a callable
    99    that takes the user object and returns True if the user passes.
    1010    """
    11     if not login_url:
    12         from django.conf import settings
    13         login_url = settings.LOGIN_URL
    14     def _dec(view_func):
    15         def _checklogin(request, *args, **kwargs):
    16             if test_func(request.user):
    17                 return view_func(request, *args, **kwargs)
    18             return HttpResponseRedirect('%s?%s=%s' % (login_url, redirect_field_name, urlquote(request.get_full_path())))
    19         _checklogin.__doc__ = view_func.__doc__
    20         _checklogin.__dict__ = view_func.__dict__
     11    def decorate(view_func):
     12        return _CheckLogin(view_func, test_func, login_url, redirect_field_name)
     13    return decorate
    2114
    22         return _checklogin
    23     return _dec
    24 
    2515def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME):
    2616    """
    2717    Decorator for views that checks that the user is logged in, redirecting
     
    4232    """
    4333    return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)
    4434
     35class _CheckLogin(object):
     36    """
     37    Class that checks that the user passes the given test, redirecting to
     38    the log-in page if necessary. If the test is passed, the view function
     39    is invoked. The test should be a callable that takes the user object
     40    and returns True if the user passes.
     41
     42    We use a class here so that we can define __get__. This way, when a
     43    _CheckLogin object is used as a method decorator, the view function
     44    is properly bound to its instance.
     45    """
     46    def __init__(self, view_func, test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
     47        if not login_url:
     48            from django.conf import settings
     49            login_url = settings.LOGIN_URL
     50        self.view_func = view_func
     51        self.test_func = test_func
     52        self.login_url = login_url
     53        self.redirect_field_name = redirect_field_name
     54       
     55    def __get__(self, obj, cls=None):
     56        view_func = self.view_func.__get__(obj, cls)
     57        return _CheckLogin(view_func, self.test_func, self.login_url, self.redirect_field_name)
     58   
     59    def __call__(self, request, *args, **kwargs):
     60        if self.test_func(request.user):
     61            return self.view_func(request, *args, **kwargs)
     62        path = urlquote(request.get_full_path())
     63        tup = self.login_url, self.redirect_field_name, path
     64        return HttpResponseRedirect('%s?%s=%s' % tup)
     65 No newline at end of file
  • tests/modeltests/test_client/models.py

     
    250250        self.assertEqual(response.status_code, 200)
    251251        self.assertEqual(response.context['user'].username, 'testclient')
    252252
     253    def test_view_with_method_login(self):
     254        "Request a page that is protected with a @login_required method"
     255       
     256        # Get the page without logging in. Should result in 302.
     257        response = self.client.get('/test_client/login_protected_method_view/')
     258        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/login_protected_method_view/')
     259       
     260        # Log in
     261        login = self.client.login(username='testclient', password='password')
     262        self.failUnless(login, 'Could not log in')
     263
     264        # Request a page that requires a login
     265        response = self.client.get('/test_client/login_protected_method_view/')
     266        self.assertEqual(response.status_code, 200)
     267        self.assertEqual(response.context['user'].username, 'testclient')
     268
    253269    def test_view_with_login_and_custom_redirect(self):
    254270        "Request a page that is protected with @login_required(redirect_field_name='redirect_to')"
    255271       
     
    295311        response = self.client.get('/test_client/login_protected_view/')
    296312        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/login_protected_view/')
    297313
     314    def test_view_with_permissions(self):
     315        "Request a page that is protected with @permission_required"
     316       
     317        # Get the page without logging in. Should result in 302.
     318        response = self.client.get('/test_client/permission_protected_view/')
     319        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_view/')
     320       
     321        # Log in
     322        login = self.client.login(username='testclient', password='password')
     323        self.failUnless(login, 'Could not log in')
     324
     325        # Log in with wrong permissions. Should result in 302.
     326        response = self.client.get('/test_client/permission_protected_view/')
     327        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_view/')
     328
     329        # TODO: Log in with right permissions and request the page again
     330
     331    def test_view_with_method_permissions(self):
     332        "Request a page that is protected with a @permission_required method"
     333       
     334        # Get the page without logging in. Should result in 302.
     335        response = self.client.get('/test_client/permission_protected_method_view/')
     336        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_method_view/')
     337       
     338        # Log in
     339        login = self.client.login(username='testclient', password='password')
     340        self.failUnless(login, 'Could not log in')
     341
     342        # Log in with wrong permissions. Should result in 302.
     343        response = self.client.get('/test_client/permission_protected_method_view/')
     344        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_method_view/')
     345
     346        # TODO: Log in with right permissions and request the page again
     347
    298348    def test_session_modifying_view(self):
    299349        "Request a page that modifies the session"
    300350        # Session value isn't set initially
  • tests/modeltests/test_client/urls.py

     
    1313    (r'^form_view/$', views.form_view),
    1414    (r'^form_view_with_template/$', views.form_view_with_template),
    1515    (r'^login_protected_view/$', views.login_protected_view),
     16    (r'^login_protected_method_view/$', views.login_protected_method_view),
    1617    (r'^login_protected_view_custom_redirect/$', views.login_protected_view_changed_redirect),
     18    (r'^permission_protected_view/$', views.permission_protected_view),
     19    (r'^permission_protected_method_view/$', views.permission_protected_method_view),
    1720    (r'^session_view/$', views.session_view),
    1821    (r'^broken_view/$', views.broken_view),
    1922    (r'^mail_sending_view/$', views.mail_sending_view),
  • tests/modeltests/test_client/views.py

     
    33from django.core.mail import EmailMessage, SMTPConnection
    44from django.template import Context, Template
    55from django.http import HttpResponse, HttpResponseRedirect, HttpResponseNotFound
    6 from django.contrib.auth.decorators import login_required
     6from django.contrib.auth.decorators import login_required, permission_required
    77from django.newforms.forms import Form
    88from django.newforms import fields
    99from django.shortcuts import render_to_response
     
    130130    return HttpResponse(t.render(c))
    131131login_protected_view_changed_redirect = login_required(redirect_field_name="redirect_to")(login_protected_view_changed_redirect)
    132132
     133def permission_protected_view(request):
     134    "A simple view that is permission protected."
     135    t = Template('This is a permission protected test. '
     136                 'Username is {{ user.username }}. '
     137                 'Permissions are {{ user.get_all_permissions }}.' ,
     138                 name='Permissions Template')
     139    c = Context({'user': request.user})
     140    return HttpResponse(t.render(c))
     141permission_protected_view = permission_required('modeltests.test_perm')(permission_protected_view)
     142
     143class _ViewManager(object):
     144    def login_protected_view(self, request):
     145        t = Template('This is a login protected test using a method. '
     146                     'Username is {{ user.username }}.',
     147                     name='Login Method Template')
     148        c = Context({'user': request.user})
     149        return HttpResponse(t.render(c))
     150    login_protected_view = login_required(login_protected_view)
     151
     152    def permission_protected_view(self, request):
     153        t = Template('This is a permission protected test using a method. '
     154                     'Username is {{ user.username }}. '
     155                     'Permissions are {{ user.get_all_permissions }}.' ,
     156                     name='Permissions Template')
     157        c = Context({'user': request.user})
     158        return HttpResponse(t.render(c))
     159    permission_protected_view = permission_required('modeltests.test_perm')(permission_protected_view)
     160
     161_view_manager = _ViewManager()
     162login_protected_method_view = _view_manager.login_protected_view
     163permission_protected_method_view = _view_manager.permission_protected_view
     164
    133165def session_view(request):
    134166    "A view that modifies the session"
    135167    request.session['tobacconist'] = 'hovercraft'
Back to Top