Opened 6 years ago

Closed 6 years ago

#20828 closed New feature (fixed)

@permission_required should accept a list of permissions

Reported by: Giggaflop Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no


This would remove the requirement to double wrap functions in permissions_required decorators to apply multiple permissions to a view.

This use case occurs when a view sits on modification of multiple models and therefore it is required that multiple permissions are checked.

Example of change:

User must be a manager with the authority to manage invoices to create/update invoices.

def purchase_request(request, item_uuid, quantity):
    item = models.Item.objects.get(pk=item_uuid)
    invoice, created = models.Invoice.objects.get_or_create(item=item, user=request.user, quantity=quantity)
    return render(request, 'order/invoice.html', {'item':item, 'invoice':invoice, 'created':created})       

Change History (5)

comment:1 Changed 6 years ago by anonymous

possible implementation, not tested.

def permission_required(perms, login_url=None):
    Decorator for views that checks whether a user has a particular permission
    enabled, redirecting to the log-in page if necessary.
    return user_passes_test(all([True for perm in perms if u.has_perm(perm)]), login_url=login_url)

comment:2 Changed 6 years ago by Claude Paroz

Component: Uncategorizedcontrib.auth
Triage Stage: UnreviewedAccepted
Version: master

Looks like a sensible request.

comment:3 Changed 6 years ago by ersran9

I've added a pull request : . Could someone take a look at it?

comment:4 Changed 6 years ago by Tim Graham

Has patch: set
Patch needs improvement: set

comment:5 Changed 6 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: newclosed

In 00d23a13ebaf6057d1428e798bfb6cf47bb5ef7c:

Fixed #20828 -- Allowed @permission_required to take a list of permissions

Thanks Giggaflop for the suggestion.

Note: See TracTickets for help on using tickets.
Back to Top