Code

Opened 9 months ago

Closed 8 months ago

#20828 closed New feature (fixed)

@permission_required should accept a list of permissions

Reported by: Giggaflop Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

This would remove the requirement to double wrap functions in permissions_required decorators to apply multiple permissions to a view.

This use case occurs when a view sits on modification of multiple models and therefore it is required that multiple permissions are checked.

Example of change:

User must be a manager with the authority to manage invoices to create/update invoices.

@permission_required(['order.invoice','auth.manager'])
def purchase_request(request, item_uuid, quantity):
    item = models.Item.objects.get(pk=item_uuid)
    invoice, created = models.Invoice.objects.get_or_create(item=item, user=request.user, quantity=quantity)
    return render(request, 'order/invoice.html', {'item':item, 'invoice':invoice, 'created':created})       


Attachments (0)

Change History (5)

comment:1 Changed 9 months ago by anonymous

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

possible implementation, not tested.

def permission_required(perms, login_url=None):
    """
    Decorator for views that checks whether a user has a particular permission
    enabled, redirecting to the log-in page if necessary.
    """
    return user_passes_test(all([True for perm in perms if u.has_perm(perm)]), login_url=login_url)

comment:2 Changed 9 months ago by claudep

  • Component changed from Uncategorized to contrib.auth
  • Triage Stage changed from Unreviewed to Accepted
  • Version set to master

Looks like a sensible request.

comment:3 Changed 8 months ago by ersran9

I've added a pull request : https://github.com/django/django/pull/1448 . Could someone take a look at it?

comment:4 Changed 8 months ago by timo

  • Has patch set
  • Patch needs improvement set

comment:5 Changed 8 months ago by Tim Graham <timograham@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 00d23a13ebaf6057d1428e798bfb6cf47bb5ef7c:

Fixed #20828 -- Allowed @permission_required to take a list of permissions

Thanks Giggaflop for the suggestion.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.