#26392 closed Bug (fixed)
Sample code for @permission_required is incorrect
| Reported by: | Eric Baumgartner | Owned by: | nobody |
|---|---|---|---|
| Component: | Documentation | Version: | 1.9 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The third code example in the following section is incorrect.
https://docs.djangoproject.com/en/1.9/topics/auth/default/#the-permission-required-decorator
The example currently reads:
If you want to use raise_exception but also give your users a chance to login first, you can add the login_required() decorator:
from django.contrib.auth.decorators import login_required, permission_required
@permission_required('polls.can_vote', raise_exception=True)
@login_required
def my_view(request):
...
The decorators are in the wrong order. This should be:
from django.contrib.auth.decorators import login_required, permission_required
@login_required
@permission_required('polls.can_vote', raise_exception=True)
def my_view(request):
...
Decorator order can be tested using three cases:
- User logged in with required permissions (view displays)
- User logged in with inadequate permissions (raise 403 exception)
- User not logged in (redirect to login page)
Currently the first two cases work as expected, but the third raises a 403 instead of allowing login. Reversing the order of the decorators makes all three cases work as expected.
Note:
See TracTickets
for help on using tickets.
In c41737d: