Code

Opened 8 years ago

Closed 8 years ago

#2357 closed enhancement (wontfix)

URL Patterns to have login_required or equiv to force authentication on any of the url's in that pattern

Reported by: root.lastnode@… Owned by: adrian
Component: Core (Other) Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I found that protecting views from unauthorized access can become cumbersom when your building lots of protected pages.

Decorating a view with login_required to force authentication works perfectly, but is not DRY when decorating every view in an app.

In combination with generic views, there are a few problems here and there with generics that are not accepting login_required. (see ticket #1071)

If the url patterns had a way to set login_required on the entire list of expressions, one could protect an entire part of the site
with one simple statement. Mixing protected/unprotected patterns would still allow flexibility designing urlpatterns.

example:

from django.conf.urls.defaults import *

urlpatterns = patterns('myproject.myapp.views',
    (r'^$', 'index'),
)

urlpatterns += auth_patterns('', some_options?,
    (r'^list_protected/$', 'django.views.generic.list_detail.object_list', dict(mydict)),
    (r'^add_protected/$', 'django.views.generic.create_update.create_object', dict(mydict)),
    (r'^update_protected/$', 'django.views.generic.create_update.update_object', dict(mydict)),
    (r'^delete_protected/$', 'django.views.generic.create_update.delete_object', dict(mydict)),
)

Attachments (0)

Change History (2)

comment:1 Changed 8 years ago by anonymous

  • Summary changed from URL Patterns set have login_required or equiv to force authentication on any of the url's in that pattern to URL Patterns to have login_required or equiv to force authentication on any of the url's in that pattern

comment:2 Changed 8 years ago by adrian

  • Resolution set to wontfix
  • Status changed from new to closed

I'm marking this as a wontfix now, because as of [3554], URLconfs can take any callable. That means you can pass login_required(my_generic_view) directly to the URLconf.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.