Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#26392 closed Bug (fixed)

Sample code for @permission_required is incorrect

Reported by: Eric Baumgartner Owned by: nobody
Component: Documentation Version: 1.9
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The third code example in the following section is incorrect.

https://docs.djangoproject.com/en/1.9/topics/auth/default/#the-permission-required-decorator

The example currently reads:

If you want to use raise_exception but also give your users a chance to login first, you can add the login_required() decorator:

from django.contrib.auth.decorators import login_required, permission_required

@permission_required('polls.can_vote', raise_exception=True)
@login_required
def my_view(request):
    ...

The decorators are in the wrong order. This should be:

from django.contrib.auth.decorators import login_required, permission_required

@login_required
@permission_required('polls.can_vote', raise_exception=True)
def my_view(request):
    ...

Decorator order can be tested using three cases:

  • User logged in with required permissions (view displays)
  • User logged in with inadequate permissions (raise 403 exception)
  • User not logged in (redirect to login page)

Currently the first two cases work as expected, but the third raises a 403 instead of allowing login. Reversing the order of the decorators makes all three cases work as expected.

Change History (3)

comment:1 by Tim Graham <timograham@…>, 9 years ago

Resolution: fixed
Status: newclosed

In c41737d:

Fixed #26392 -- Corrected login_required/permission_required stacking example.

comment:2 by Tim Graham <timograham@…>, 9 years ago

In 7dee62f:

[1.9.x] Fixed #26392 -- Corrected login_required/permission_required stacking example.

Backport of c41737dc00e2c8d34046b9f856f23fcc0cb4a82c from master

comment:3 by Tim Graham <timograham@…>, 9 years ago

In a2970a04:

[1.8.x] Fixed #26392 -- Corrected login_required/permission_required stacking example.

Backport of c41737dc00e2c8d34046b9f856f23fcc0cb4a82c from master

Note: See TracTickets for help on using tickets.
Back to Top