#25169 closed Cleanup/optimization (fixed)
Document "stacking" of login_required and permission_required
Reported by: | aithusa | Owned by: | Bryan Marty |
---|---|---|---|
Component: | Documentation | Version: | 1.8 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Related to #4617
As suggested by hvdklauw here, it would be better if the permission_required decorator does not redirect users to 403 immediately without letting them log in as the user may be confused and not know that they were required to log in. I think it would be useful and less confusion for both developer and users.
Change History (9)
comment:1 by , 9 years ago
Summary: | permission_required decorator should only redirect to 403 if user is not logged in → permission_required decorator should only redirect to 403 if user is logged in |
---|
comment:2 by , 9 years ago
comment:3 by , 9 years ago
That's what I did eventually after some googling. If this is not possible to add/fix, would it be possible to putting this on the documentation as I expect quite a few people would like to have such behaviour. Cheers.
comment:4 by , 9 years ago
Component: | Uncategorized → Documentation |
---|---|
Summary: | permission_required decorator should only redirect to 403 if user is logged in → Document "stacking" of login_required and permission_required |
Triage Stage: | Unreviewed → Accepted |
Type: | Uncategorized → Cleanup/optimization |
Sure, care to offer a patch?
comment:5 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:6 by , 9 years ago
Has patch: | set |
---|
I found the wording of the description rather confusing. I think I understand what the original author was commenting on, and I created a pull request based on my understanding. If I understood the ticket wrong, please let me know.
Pull Request:
https://github.com/django/django/pull/5522
That makes some sense, however, backwards compatibility could be an issue. What about stacking
@login_required
before@permission_required
if you need this behavior?