Code

Ticket #4617: django-auth-decorators-plus-tests.diff

File django-auth-decorators-plus-tests.diff, 3.4 KB (added by ctrochalakis, 6 years ago)

django-auth-decorators+tests

Line 
1diff --git a/django/contrib/auth/decorators.py b/django/contrib/auth/decorators.py
2index f3f7f53..d1d69cd 100644
3--- a/django/contrib/auth/decorators.py
4+++ b/django/contrib/auth/decorators.py
5@@ -1,5 +1,5 @@
6 from django.contrib.auth import REDIRECT_FIELD_NAME
7-from django.http import HttpResponseRedirect
8+from django.http import HttpResponseRedirect, HttpResponseForbidden
9 from django.utils.http import urlquote
10 
11 def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
12@@ -60,6 +60,10 @@ class _CheckLogin(object):
13     def __call__(self, request, *args, **kwargs):
14         if self.test_func(request.user):
15             return self.view_func(request, *args, **kwargs)
16-        path = urlquote(request.get_full_path())
17-        tup = self.login_url, self.redirect_field_name, path
18-        return HttpResponseRedirect('%s?%s=%s' % tup)
19+        elif not request.user.is_authenticated():
20+            path = urlquote(request.get_full_path())
21+            tup = self.login_url, self.redirect_field_name, path
22+            return HttpResponseRedirect('%s?%s=%s' % tup)
23+        else:
24+            return HttpResponseForbidden('<h1>Permission denied</h1>')
25+
26diff --git a/django/test/testcases.py b/django/test/testcases.py
27index 1d65ee1..04246af 100644
28--- a/django/test/testcases.py
29+++ b/django/test/testcases.py
30@@ -101,6 +101,12 @@ class TestCase(unittest.TestCase):
31              " (expected %d)") %
32                  (path, redirect_response.status_code, target_status_code))
33 
34+    def assertStatusCode(self, response, status_code):
35+        """Asserts that a response had a scecific status code."""
36+        self.assertEqual(response.status_code, status_code,
37+            ("Wrong status code: Response code was %d"
38+             " (expected %d)" % (response.status_code, status_code)))
39+
40     def assertContains(self, response, text, count=None, status_code=200):
41         """
42         Asserts that a response indicates that a page was retreived
43diff --git a/tests/modeltests/test_client/models.py b/tests/modeltests/test_client/models.py
44index 1a6e1bd..fb48e52 100644
45--- a/tests/modeltests/test_client/models.py
46+++ b/tests/modeltests/test_client/models.py
47@@ -325,9 +325,9 @@ class ClientTest(TestCase):
48         login = self.client.login(username='testclient', password='password')
49         self.failUnless(login, 'Could not log in')
50 
51-        # Log in with wrong permissions. Should result in 302.
52+        # Log in with wrong permissions. Should result in 403 (Forbidden).
53         response = self.client.get('/test_client/permission_protected_view/')
54-        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_view/')
55+        self.assertStatusCode(response, 403)
56 
57         # TODO: Log in with right permissions and request the page again
58 
59@@ -342,9 +342,9 @@ class ClientTest(TestCase):
60         login = self.client.login(username='testclient', password='password')
61         self.failUnless(login, 'Could not log in')
62 
63-        # Log in with wrong permissions. Should result in 302.
64+        # Log in with wrong permissions. Should result in 403 (Forbidden).
65         response = self.client.get('/test_client/permission_protected_method_view/')
66-        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_method_view/')
67+        self.assertStatusCode(response, 403)
68 
69         # TODO: Log in with right permissions and request the page again
70