Ticket #4617: permission_required_tinyfix.diff
| File permission_required_tinyfix.diff, 4.4 KB (added by , 13 years ago) |
|---|
-
docs/topics/auth.txt
1156 1156 ``"<app label>.<permission codename>"`` (i.e. ``polls.can_vote`` for a 1157 1157 permission on a model in the ``polls`` application). 1158 1158 1159 If the user is *not* logged in, he will be redirected to the ``login_url``. 1160 If the user *is* logged in but doesn't have permission, a 403 error response 1161 (forbidden) will be returned. See :doc:`/topics/http/views/`. 1162 1159 1163 Note that :func:`~django.contrib.auth.decorators.permission_required()` 1160 1164 also takes an optional ``login_url`` parameter. Example:: 1161 1165 -
tests/modeltests/test_client/models.py
364 364 login = self.client.login(username='testclient', password='password') 365 365 self.assertTrue(login, 'Could not log in') 366 366 367 # Log in with wrong permissions. Should result in 302.367 # Log in with wrong permissions. Should result in 403. 368 368 response = self.client.get('/test_client/permission_protected_view/') 369 self.assert Redirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_view/')369 self.assertEqual(response.status_code, 403) 370 370 371 371 # TODO: Log in with right permissions and request the page again 372 372 … … 381 381 login = self.client.login(username='testclient', password='password') 382 382 self.assertTrue(login, 'Could not log in') 383 383 384 # Log in with wrong permissions. Should result in 302.384 # Log in with wrong permissions. Should result in 403. 385 385 response = self.client.get('/test_client/permission_protected_method_view/') 386 self.assert Redirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_method_view/')386 self.assertEqual(response.status_code, 403) 387 387 388 388 # TODO: Log in with right permissions and request the page again 389 389 -
tests/regressiontests/comment_tests/tests/moderation_view_tests.py
80 80 pk = comments[0].pk 81 81 self.client.login(username="normaluser", password="normaluser") 82 82 response = self.client.get("/delete/%d/" % pk) 83 self.assertEqual(response ["Location"], "http://testserver/accounts/login/?next=/delete/%d/" % pk)83 self.assertEqual(response.status_code, 403) 84 84 85 85 makeModerator("normaluser") 86 86 response = self.client.get("/delete/%d/" % pk) … … 124 124 pk = comments[0].pk 125 125 self.client.login(username="normaluser", password="normaluser") 126 126 response = self.client.get("/approve/%d/" % pk) 127 self.assertEqual(response ["Location"], "http://testserver/accounts/login/?next=/approve/%d/" % pk)127 self.assertEqual(response.status_code, 403) 128 128 129 129 makeModerator("normaluser") 130 130 response = self.client.get("/approve/%d/" % pk) -
django/contrib/auth/decorators.py
2 2 from functools import wraps 3 3 from django.conf import settings 4 4 from django.contrib.auth import REDIRECT_FIELD_NAME 5 from django.core.exceptions import PermissionDenied 5 6 from django.utils.decorators import available_attrs 6 7 7 8 … … 50 51 def permission_required(perm, login_url=None): 51 52 """ 52 53 Decorator for views that checks whether a user has a particular permission 53 enabled, redirecting to the log-in page if necessary. 54 enabled, redirecting to the log-in page if user is not authenticated. 55 If user is authenticated and does not have the permission, raise 56 PermissionDenied. 54 57 """ 55 return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url) 58 def check_perms(user): 59 if user.is_anonymous(): 60 return False 61 if user.has_perm(perm): 62 return True 63 raise PermissionDenied 64 return user_passes_test(check_perms, login_url=login_url)