Context Navigation

← Previous Ticket
Next Ticket →

#24501 closed Cleanup/optimization (fixed)

Documentation for user_passes_test is wrong and confusing

Reported by:	Janne Enberg	Owned by:	Matt Seymour
Component:	Documentation	Version:	1.7
Severity:	Normal	Keywords:
Cc:		Triage Stage:	Accepted
Has patch:	yes	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	yes	UI/UX:	no

Description

On the page https://docs.djangoproject.com/en/1.7/topics/auth/default/ it says on "Limiting access to logged-in users that pass a test" ( https://docs.djangoproject.com/en/1.7/topics/auth/default/#limiting-access-to-logged-in-users-that-pass-a-test ) the following:

The simple way is to run your test on request.user in the view directly. For example, this view checks to make sure the user has an email in the desired domain:

def my_view(request):
    if not request.user.email.endswith('@example.com'):
        return HttpResponse("You can't vote in this poll.")
    # ...

Then under that there's the "user_passes_test" -documentation and it's mentioned to be a shortcut for the above.

This is just plain wrong, user_passes_test checks for something, then redirects to login page if the test fails. It does not return HttpResponse("You can't vote in this poll.") and it definitely does not return the 403 that makes me expect it to return.

Also there is only a very casual mention of the "login_url" argument but no mention of what it could possibly be used for, e.g. redirecting users there if the test fails.