diff --git a/django/contrib/auth/decorators.py b/django/contrib/auth/decorators.py
index f3f7f53..d1d69cd 100644
--- a/django/contrib/auth/decorators.py
+++ b/django/contrib/auth/decorators.py
@@ -1,5 +1,5 @@
 from django.contrib.auth import REDIRECT_FIELD_NAME
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponseForbidden
 from django.utils.http import urlquote
 
 def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
@@ -60,6 +60,10 @@ class _CheckLogin(object):
     def __call__(self, request, *args, **kwargs):
         if self.test_func(request.user):
             return self.view_func(request, *args, **kwargs)
-        path = urlquote(request.get_full_path())
-        tup = self.login_url, self.redirect_field_name, path
-        return HttpResponseRedirect('%s?%s=%s' % tup)
+        elif not request.user.is_authenticated():
+            path = urlquote(request.get_full_path())
+            tup = self.login_url, self.redirect_field_name, path
+            return HttpResponseRedirect('%s?%s=%s' % tup)
+        else:
+            return HttpResponseForbidden('<h1>Permission denied</h1>')
+