id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
20828	@permission_required should accept a list of permissions	Giggaflop	nobody	"This would remove the requirement to double wrap functions in permissions_required decorators to apply multiple permissions to a view.

This use case occurs when a view sits on modification of multiple models and therefore it is required that multiple permissions are checked.

Example of change:

User must be a manager with the authority to manage invoices to create/update invoices.

{{{
@permission_required(['order.invoice','auth.manager'])
def purchase_request(request, item_uuid, quantity):
    item = models.Item.objects.get(pk=item_uuid)
    invoice, created = models.Invoice.objects.get_or_create(item=item, user=request.user, quantity=quantity)
    return render(request, 'order/invoice.html', {'item':item, 'invoice':invoice, 'created':created})       
}}}
 
"	New feature	closed	contrib.auth	dev	Normal	fixed			Accepted	1	0	0	1	0	0