
Ticket #4617: permission_required_tinyfix.diff

File permission_required_tinyfix.diff, 4.4 KB (added by erikr, 3 years ago)

Tiny fix on Roald's version: removed old commented-out code

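--- a/docs/topics/auth.txt
+++ b/docs/topics/auth.txt
@@ -1156,6 +1156,10 @@
     ``"<app label>.<permission codename>"`` (i.e. ``polls.can_vote`` for a
     permission on a model in the ``polls`` application).
 
+    If the user is *not* logged in, he will be redirected to the ``login_url``.
+    If the user *is* logged in but doesn't have permission, a 403 error response
+    (forbidden) will be returned. See :doc:`/topics/http/views/`.
+
     Note that :func:`~django.contrib.auth.decorators.permission_required()`
     also takes an optional ``login_url`` parameter. Example::
 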
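--- a/tests/modeltests/test_client/models.py
+++ b/tests/modeltests/test_client/models.py
@@ -364,9 +364,9 @@
         login = self.client.login(username='testclient', password='password')
         self.assertTrue(login, 'Could not log in')
 
-        # Log in with wrong permissions. Should result in 302.
+        # Log in with wrong permissions. Should result in 403.
         response = self.client.get('/test_client/permission_protected_view/')
-        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_view/')
+        self.assertEqual(response.status_code, 403)
 
         # TODO: Log in with right permissions and request the page again
 
@@ -381,9 +381,9 @@
         login = self.client.login(username='testclient', password='password')
         self.assertTrue(login, 'Could not log in')
 
-        # Log in with wrong permissions. Should result in 302.
+        # Log in with wrong permissions. Should result in 403.
         response = self.client.get('/test_client/permission_protected_method_view/')
-        self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_method_view/')
+        self.assertEqual(response.status_code, 403)
 
         # TODO: Log in with right permissions and request the page again
 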
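Review bot: Both updated tests stop at the 403 assertion and leave `# TODO: Log in with right permissions and request the page again` in place, so nothing visible here shows that a user who holds the permission still gets through the decorator. A `check_perms` that raised for every logged-in user would pass these assertions. Adding the positive case in both hunks (grant the permission, repeat the `self.client.get(...)`, assert the view's normal response) would pin the allow path next to the deny path. The test methods start above the hunks, so the anonymous-redirect case may already be covered there.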
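--- a/tests/regressiontests/comment_tests/tests/moderation_view_tests.py
+++ b/tests/regressiontests/comment_tests/tests/moderation_view_tests.py
@@ -80,7 +80,7 @@
         pk = comments[0].pk
         self.client.login(username="normaluser", password="normaluser")
         response = self.client.get("/delete/%d/" % pk)
-        self.assertEqual(response["Location"], "http://testserver/accounts/login/?next=/delete/%d/" % pk)
+        self.assertEqual(response.status_code, 403)
 
         makeModerator("normaluser")
         response = self.client.get("/delete/%d/" % pk)
@@ -124,7 +124,7 @@
         pk = comments[0].pk
         self.client.login(username="normaluser", password="normaluser")
         response = self.client.get("/approve/%d/" % pk)
-        self.assertEqual(response["Location"], "http://testserver/accounts/login/?next=/approve/%d/" % pk)
+        self.assertEqual(response.status_code, 403)
 
         makeModerator("normaluser")
         response = self.client.get("/approve/%d/" % pk)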
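--- a/django/contrib/auth/decorators.py
+++ b/django/contrib/auth/decorators.py
@@ -2,6 +2,7 @@
 from functools import wraps
 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.core.exceptions import PermissionDenied
 from django.utils.decorators import available_attrs
 
 
@@ -50,6 +51,14 @@
 def permission_required(perm, login_url=None):
     """
     Decorator for views that checks whether a user has a particular permission
-    enabled, redirecting to the log-in page if necessary.
+    enabled, redirecting to the log-in page if user is not authenticated.
+    If user is authenticated and does not have the permission, raise
+    PermissionDenied.
     """
-    return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)
+    def check_perms(user):
+        if user.is_anonymous():
+            return False
+        if user.has_perm(perm):
+            return True
+        raise PermissionDenied
+    return user_passes_test(check_perms, login_url=login_url)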
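Review bot: In `check_perms`, testing `user.is_anonymous()` before `user.has_perm(perm)` sends every anonymous user to the login page without consulting `has_perm`, whereas the removed lambda asked `has_perm` for all users. If an authentication backend grants permissions to anonymous users (worth confirming for this revision), those users lose access. Checking the permission first keeps the old allow path: `if user.has_perm(perm): return True`, then `if user.is_anonymous(): return False`, then `raise PermissionDenied`. The 403 is also unconditional, so sites that relied on the redirect for logged-in users change behaviour on upgrade with no opt-out; a keyword argument defaulting to the old behaviour would make the switch deliberate. A one-line comment in `check_perms` noting that it raises instead of returning False for authenticated users would also help, since the predicate it replaces only returned a boolean.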