Ticket #4617: permission_required.diff

File permission_required.diff, 4.7 KB (added by Roald de Vries <roald@…>, 13 years ago)
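diff --git a/django/contrib/auth/decorators.py b/django/contrib/auth/decorators.py
index 00a6bce..7840c67 100644
--- a/django/contrib/auth/decorators.py
+++ b/django/contrib/auth/decorators.py
@@ -2,6 +2,7 @@ import urlparse
 from functools import wraps
 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.core.exceptions import PermissionDenied
 from django.utils.decorators import available_attrs
 
 
@@ -50,6 +51,15 @@ def login_required(function=None, redirect_field_name=REDIRECT_FIELD_NAME, login
 def permission_required(perm, login_url=None):
     """
     Decorator for views that checks whether a user has a particular permission
-    enabled, redirecting to the log-in page if necessary.
+    enabled, redirecting to the log-in page if user is not authenticated.
+    If user is authenticated and does not have the permission, raise
+    PermissionDenied.
     """
-    return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)
+    # return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)
+    def check_perms(user):
+        if user.is_anonymous():
+            return False
+        if user.has_perm(perm):
+            return True
+        raise PermissionDenied
+    return user_passes_test(check_perms, login_url=login_url)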
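Review bot: `check_perms` raises PermissionDenied for every authenticated user who lacks the permission, so all existing `permission_required` views switch from a login redirect to a 403 with no way to keep the old behaviour. Consider making it opt-in: `def permission_required(perm, login_url=None, raise_exception=False):`, and in `check_perms` end with `if raise_exception: raise PermissionDenied` followed by `return False`. The commented-out `# return user_passes_test(lambda u: ...)` line at new line 58 should be deleted rather than kept. A short comment on the `is_anonymous()` branch, such as `# anonymous users fall through to the login redirect in user_passes_test`, would explain why that case returns False instead of raising.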
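diff --git a/docs/topics/auth.txt b/docs/topics/auth.txt
index 12d538f..f092d30 100644
--- a/docs/topics/auth.txt
+++ b/docs/topics/auth.txt
@@ -1156,6 +1156,10 @@ The permission_required decorator
     ``"<app label>.<permission codename>"`` (i.e. ``polls.can_vote`` for a
     permission on a model in the ``polls`` application).
 
+    If the user is *not* logged in, he will be redirected to the ``login_url``.
+    If the user *is* logged in but doesn't have permission, a 403 error response
+    (forbidden) will be returned. See :doc:`/topics/http/views/`.
+
     Note that :func:`~django.contrib.auth.decorators.permission_required()`
     also takes an optional ``login_url`` parameter. Example::
 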
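diff --git a/tests/modeltests/test_client/models.py b/tests/modeltests/test_client/models.py
index 16bdd2d..61f2101 100644
--- a/tests/modeltests/test_client/models.py
+++ b/tests/modeltests/test_client/models.py
@@ -364,9 +364,9 @@ class ClientTest(TestCase):
         login = self.client.login(username='testclient', password='password')
         self.assertTrue(login, 'Could not log in')
 
-        # Log in with wrong permissions. Should result in 302.
+        # Log in with wrong permissions. Should result in 403.
         response = self.client.get('/test_client/permission_protected_view/')
-        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_view/')
+        self.assertEqual(response.status_code, 403)
 
         # TODO: Log in with right permissions and request the page again
 
@@ -381,9 +381,9 @@ class ClientTest(TestCase):
         login = self.client.login(username='testclient', password='password')
         self.assertTrue(login, 'Could not log in')
 
-        # Log in with wrong permissions. Should result in 302.
+        # Log in with wrong permissions. Should result in 403.
         response = self.client.get('/test_client/permission_protected_method_view/')
-        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_method_view/')
+        self.assertEqual(response.status_code, 403)
 
         # TODO: Log in with right permissions and request the page again
 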
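Review bot: Both hunks assert only the deny path (`self.assertEqual(response.status_code, 403)`), and the `# TODO: Log in with right permissions and request the page again` lines are left in place, so nothing in this file checks that a user who holds the permission still reaches the view. A `check_perms` that raised PermissionDenied for every authenticated user would pass these tests. Resolve the TODO by granting the permission to the test user, requesting the page again and asserting a 200 response. Both test methods start outside the hunks, so whether the anonymous-user redirect is still asserted earlier in them cannot be confirmed from here.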
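diff --git a/tests/regressiontests/comment_tests/tests/moderation_view_tests.py b/tests/regressiontests/comment_tests/tests/moderation_view_tests.py
index c9be06a..3d0c138 100644
--- a/tests/regressiontests/comment_tests/tests/moderation_view_tests.py
+++ b/tests/regressiontests/comment_tests/tests/moderation_view_tests.py
@@ -80,7 +80,7 @@ class DeleteViewTests(CommentTestCase):
         pk = comments[0].pk
         self.client.login(username="normaluser", password="normaluser")
         response = self.client.get("/delete/%d/" % pk)
-        self.assertEqual(response["Location"], "http://testserver/accounts/login/?next=/delete/%d/" % pk)
+        self.assertEqual(response.status_code, 403)
 
         makeModerator("normaluser")
         response = self.client.get("/delete/%d/" % pk)
@@ -124,7 +124,7 @@ class ApproveViewTests(CommentTestCase):
         pk = comments[0].pk
         self.client.login(username="normaluser", password="normaluser")
         response = self.client.get("/approve/%d/" % pk)
-        self.assertEqual(response["Location"], "http://testserver/accounts/login/?next=/approve/%d/" % pk)
+        self.assertEqual(response.status_code, 403)
 
         makeModerator("normaluser")
         response = self.client.get("/approve/%d/" % pk)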