id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
26392	Sample code for @permission_required is incorrect	Eric Baumgartner	nobody	"The third code example in the following section is incorrect.

https://docs.djangoproject.com/en/1.9/topics/auth/default/#the-permission-required-decorator

The example currently reads:

If you want to use raise_exception but also give your users a chance to login first, you can add the login_required() decorator:

{{{
from django.contrib.auth.decorators import login_required, permission_required

@permission_required('polls.can_vote', raise_exception=True)
@login_required
def my_view(request):
    ...
}}}
The decorators are in the wrong order. This should be:

{{{
from django.contrib.auth.decorators import login_required, permission_required

@login_required
@permission_required('polls.can_vote', raise_exception=True)
def my_view(request):
    ...
}}}

Decorator order can be tested using three cases:

- User logged in with required permissions (view displays)
- User logged in with inadequate permissions (raise 403 exception)
- User not logged in (redirect to login page)

Currently the first two cases work as expected, but the third raises a 403 instead of allowing login. Reversing the order of the decorators makes all three cases work as expected.
"	Bug	closed	Documentation	1.9	Normal	fixed			Unreviewed	0	0	0	0	0	0