Ticket #4617: permission_required_tinyfix.diff

File permission_required_tinyfix.diff, 4.4 KB (added by erikr, 4 years ago)

Tiny fix on Roalds version: removed old commented out code

  • docs/topics/auth.txt

     
    11561156    ``"<app label>.<permission codename>"`` (i.e. ``polls.can_vote`` for a
    11571157    permission on a model in the ``polls`` application).
    11581158
     1159    If the user is *not* logged in, he will be redirected to the ``login_url``.
     1160    If the user *is* logged in but doesn't have permission, a 403 error response
     1161    (forbidden) will be returned. See :doc:`/topics/http/views/`.
     1162
    11591163    Note that :func:`~django.contrib.auth.decorators.permission_required()`
    11601164    also takes an optional ``login_url`` parameter. Example::
    11611165
  • tests/modeltests/test_client/models.py

     
    364364        login = self.client.login(username='testclient', password='password')
    365365        self.assertTrue(login, 'Could not log in')
    366366
    367         # Log in with wrong permissions. Should result in 302.
     367        # Log in with wrong permissions. Should result in 403.
    368368        response = self.client.get('/test_client/permission_protected_view/')
    369         self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_view/')
     369        self.assertEqual(response.status_code, 403)
    370370
    371371        # TODO: Log in with right permissions and request the page again
    372372
     
    381381        login = self.client.login(username='testclient', password='password')
    382382        self.assertTrue(login, 'Could not log in')
    383383
    384         # Log in with wrong permissions. Should result in 302.
     384        # Log in with wrong permissions. Should result in 403.
    385385        response = self.client.get('/test_client/permission_protected_method_view/')
    386         self.assertRedirects(response, 'http://testserver/accounts/login/?next=/test_client/permission_protected_method_view/')
     386        self.assertEqual(response.status_code, 403)
    387387
    388388        # TODO: Log in with right permissions and request the page again
    389389
  • tests/regressiontests/comment_tests/tests/moderation_view_tests.py

     
    8080        pk = comments[0].pk
    8181        self.client.login(username="normaluser", password="normaluser")
    8282        response = self.client.get("/delete/%d/" % pk)
    83         self.assertEqual(response["Location"], "http://testserver/accounts/login/?next=/delete/%d/" % pk)
     83        self.assertEqual(response.status_code, 403)
    8484
    8585        makeModerator("normaluser")
    8686        response = self.client.get("/delete/%d/" % pk)
     
    124124        pk = comments[0].pk
    125125        self.client.login(username="normaluser", password="normaluser")
    126126        response = self.client.get("/approve/%d/" % pk)
    127         self.assertEqual(response["Location"], "http://testserver/accounts/login/?next=/approve/%d/" % pk)
     127        self.assertEqual(response.status_code, 403)
    128128
    129129        makeModerator("normaluser")
    130130        response = self.client.get("/approve/%d/" % pk)
  • django/contrib/auth/decorators.py

     
    22from functools import wraps
    33from django.conf import settings
    44from django.contrib.auth import REDIRECT_FIELD_NAME
     5from django.core.exceptions import PermissionDenied
    56from django.utils.decorators import available_attrs
    67
    78
     
    5051def permission_required(perm, login_url=None):
    5152    """
    5253    Decorator for views that checks whether a user has a particular permission
    53     enabled, redirecting to the log-in page if necessary.
     54    enabled, redirecting to the log-in page if user is not authenticated.
     55    If user is authenticated and does not have the permission, raise
     56    PermissionDenied.
    5457    """
    55     return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)
     58    def check_perms(user):
     59        if user.is_anonymous():
     60            return False
     61        if user.has_perm(perm):
     62            return True
     63        raise PermissionDenied
     64    return user_passes_test(check_perms, login_url=login_url)
Back to Top