Ticket #4617: decorators.diff

File decorators.diff, 4.0 KB (added by milosu, 7 years ago)

no permission case handled via template

  • decorators.py

    old new  
    44    from django.utils.functional import wraps, update_wrapper  # Python 2.3, 2.4 fallback.
    55
    66from django.contrib.auth import REDIRECT_FIELD_NAME
    7 from django.template import Context, loader
    8 from django.http import HttpResponseRedirect, HttpResponseForbidden
     7from django.http import HttpResponseRedirect
    98from django.utils.http import urlquote
    109
    11 def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME, template_403 = None):
     10def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
    1211    """
    1312    Decorator for views that checks that the user passes the given test,
    1413    redirecting to the log-in page if necessary. The test should be a callable
    1514    that takes the user object and returns True if the user passes.
    1615    """
    1716    def decorate(view_func):
    18         return _CheckLogin(view_func, test_func, login_url, redirect_field_name, template_403)
     17        return _CheckLogin(view_func, test_func, login_url, redirect_field_name)
    1918    return decorate
    2019
    21 def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME, template_403 = None):
     20def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME):
    2221    """
    2322    Decorator for views that checks that the user is logged in, redirecting
    2423    to the log-in page if necessary.
     
    2625    actual_decorator = user_passes_test(
    2726        lambda u: u.is_authenticated(),
    2827        redirect_field_name=redirect_field_name,
    29         template_403=template_403,
    3028    )
    3129    if function:
    3230        return actual_decorator(function)
    3331    return actual_decorator
    3432
    35 def permission_required(perm, login_url=None, template_403=None):
     33def permission_required(perm, login_url=None):
    3634    """
    3735    Decorator for views that checks whether a user has a particular permission
    3836    enabled, redirecting to the log-in page if necessary.
    3937    """
    40     return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url, template_403 = template_403)
     38    return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)
    4139
    4240class _CheckLogin(object):
    4341    """
     
    5048    _CheckLogin object is used as a method decorator, the view function
    5149    is properly bound to its instance.
    5250    """
    53     def __init__(self, view_func, test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME, template_403=None):
     51    def __init__(self, view_func, test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
    5452        if not login_url:
    5553            from django.conf import settings
    5654            login_url = settings.LOGIN_URL
    5755
    58         if not template_403:
    59             template_403 = '403.html'
    60 
    6156        self.view_func = view_func
    6257        self.test_func = test_func
    6358        self.login_url = login_url
    6459        self.redirect_field_name = redirect_field_name
    65         self.template_403 = template_403
    6660        update_wrapper(self, view_func)
    6761       
    6862    def __get__(self, obj, cls=None):
    6963        view_func = self.view_func.__get__(obj, cls)
    70         return _CheckLogin(view_func, self.test_func, self.login_url, self.redirect_field_name, self.template_403)
     64        return _CheckLogin(view_func, self.test_func, self.login_url, self.redirect_field_name)
    7165   
    7266    def __call__(self, request, *args, **kwargs):
    7367        if self.test_func(request.user):
    7468            return self.view_func(request, *args, **kwargs)
    75         elif not request.user.is_authenticated():
    76             path = urlquote(request.get_full_path())
    77             tup = self.login_url, self.redirect_field_name, path
    78             return HttpResponseRedirect('%s?%s=%s' % tup)
    79         else:   # authorization test failed for authenticated user
    80             t = loader.get_template(self.template_403) # You need to create a 403.html template.
    81             return HttpResponseForbidden(t.render(Context({})))
     69        path = urlquote(request.get_full_path())
     70        tup = self.login_url, self.redirect_field_name, path
     71        return HttpResponseRedirect('%s?%s=%s' % tup)
Back to Top