Ticket #4617: decorators.3.diff

File decorators.3.diff, 3.7 KB (added by narsilou, 4 years ago)

Version using PermissionDenied as suggested in comment 20

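--- a/tests/modeltests/test_client/models.py
+++ b/tests/modeltests/test_client/models.py
@@ -364,9 +364,9 @@
         login = self.client.login(username='testclient', password='password')
         self.assertTrue(login, 'Could not log in')
 
-        # Log in with wrong permissions. Should result in 302.
+        # Log in with wrong permissions. Should result in 403.
         response = self.client.get('/test_client/permission_protected_view/')
-        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_view/')
+        self.assertEqual(response.status_code, 403)
 
         # TODO: Log in with right permissions and request the page again
 
@@ -381,9 +381,9 @@
         login = self.client.login(username='testclient', password='password')
         self.assertTrue(login, 'Could not log in')
 
-        # Log in with wrong permissions. Should result in 302.
+        # Log in with wrong permissions. Should result in 403.
         response = self.client.get('/test_client/permission_protected_method_view/')
-        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_method_view/')
+        self.assertEqual(response.status_code, 403)
 
         # TODO: Log in with right permissions and request the page again
 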
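Review bot: Both updated tests (new lines 367-369 and 384-386) pin only the 403 for a logged-in user who lacks the permission, while the "right permissions" request is still a TODO in each, so a view that answered 403 to every authenticated user would still pass. Since the decorator now has three distinct outcomes, add the positive case after granting the permission to `testclient`, e.g. `self.assertEqual(response.status_code, 200)`. Also keep an anonymous request that asserts the login redirect, if the lines above these hunks do not already cover it. Both test methods start outside the hunks shown.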
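--- a/tests/regressiontests/comment_tests/tests/moderation_view_tests.py
+++ b/tests/regressiontests/comment_tests/tests/moderation_view_tests.py
@@ -80,7 +80,7 @@
         pk = comments[0].pk
         self.client.login(username="normaluser", password="normaluser")
         response = self.client.get("/delete/%d/" % pk)
-        self.assertEqual(response["Location"], "http://testserver/accounts/login/?next=/delete/%d/" % pk)
+        self.assertEqual(response.status_code, 403)
 
         makeModerator("normaluser")
         response = self.client.get("/delete/%d/" % pk)
@@ -124,7 +124,7 @@
         pk = comments[0].pk
         self.client.login(username="normaluser", password="normaluser")
         response = self.client.get("/approve/%d/" % pk)
-        self.assertEqual(response["Location"], "http://testserver/accounts/login/?next=/approve/%d/" % pk)
+        self.assertEqual(response.status_code, 403)
 
         makeModerator("normaluser")
         response = self.client.get("/approve/%d/" % pk)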
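--- a/django/contrib/auth/decorators.py
+++ b/django/contrib/auth/decorators.py
@@ -2,6 +2,7 @@
 from functools import wraps
 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.core.exceptions import PermissionDenied
 from django.utils.decorators import available_attrs
 
 
@@ -50,6 +51,14 @@
 def permission_required(perm, login_url=None):
     """
     Decorator for views that checks whether a user has a particular permission
-    enabled, redirecting to the log-in page if necessary.
+    enabled, redirecting to the log-in page if user is not authenticated.
+    If user is authenticated and does not have the permission, raise
+    PermissionDenied.
     """
-    return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)
+    def check_perms(user):
+        if user.is_anonymous():
+            return False
+        if user.has_perm(perm):
+            return True
+        raise PermissionDenied
+    return user_passes_test(check_perms, login_url=login_url)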
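Review bot: `permission_required` now raises `PermissionDenied` for every authenticated caller that lacks the permission, and existing callers have no way to keep the previous login redirect, so sites that relied on it (for example to let a user sign in with a more privileged account) change behaviour silently on upgrade. Consider making the 403 opt-in with a keyword such as `raise_exception=False` on the signature, and in `check_perms` guard the raise with `if raise_exception: raise PermissionDenied` followed by a final `return False`. `check_perms` would also benefit from a short comment on why the two failure paths differ, e.g. `# Anonymous users get the login redirect; only authenticated users without the permission get a 403.`, since per the updated docstring the `return False` branch is what leads to the redirect.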