#24501 closed Cleanup/optimization (fixed)
Documentation for user_passes_test is wrong and confusing
Reported by: | Janne Enberg | Owned by: | Matt Seymour |
---|---|---|---|
Component: | Documentation | Version: | 1.7 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
On the page https://docs.djangoproject.com/en/1.7/topics/auth/default/ it says on "Limiting access to logged-in users that pass a test" ( https://docs.djangoproject.com/en/1.7/topics/auth/default/#limiting-access-to-logged-in-users-that-pass-a-test ) the following:
The simple way is to run your test on request.user in the view directly. For example, this view checks to make sure the user has an email in the desired domain: def my_view(request): if not request.user.email.endswith('@example.com'): return HttpResponse("You can't vote in this poll.") # ...
Then under that there's the "user_passes_test" -documentation and it's mentioned to be a shortcut for the above.
This is just plain wrong, user_passes_test checks for something, then redirects to login page if the test fails. It does not return HttpResponse("You can't vote in this poll.") and it definitely does not return the 403 that makes me expect it to return.
Also there is only a very casual mention of the "login_url" argument but no mention of what it could possibly be used for, e.g. redirecting users there if the test fails.
Change History (6)
comment:1 by , 10 years ago
Easy pickings: | set |
---|---|
Triage Stage: | Unreviewed → Accepted |
Type: | Bug → Cleanup/optimization |
comment:2 by , 10 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 10 years ago
Has patch: | set |
---|
Added pull request at : https://github.com/django/django/pull/4369
Hi,
You're right, the two examples are inconsistent and can be confusing.
There's definitely room for improvement here.
Thanks.