Add a login_required decorator for AJAX requests

[Ramin Farajpour Cami]

Hi,

if users use the @login_required decorator or perform manually a redirect to a form on AJAX request , when an Ajax call is made the user is logged in, here is:

check users,

from functools import wraps
from django.core.exceptions import PermissionDenied


def ajax_login_required(function):
    def wrap(request, *args, **kwargs):
        if request.user.is_authenticated():
            return function(request, *args, **kwargs)
        return PermissionDenied ## or 401 == not authenticated
    wrap.__doc__ = function.__doc__
    wrap.__name__ = function.__name__
    return wrap

raise PermissionDenied will cause a 403 status code or 401 Unauthorized to be returned to the client,

check superusers:

from functools import wraps
from django.core.exceptions import PermissionDenied


def ajax_admin_required(function):
    def wrap(request, *args, **kwargs):
        if request.user.is_authenticated() and request.user.is_superuser:
            return function(request, *args, **kwargs)
        return PermissionDenied ## or 401 == not authenticated
    wrap.__doc__ = function.__doc__
    wrap.__name__ = function.__name__
    return wrap

[Tim Graham]

Similar things have been suggested on Stackoverflow ​1, ​2. I'm not sure whether or not it needs to be in Django, after all it's only a few lines. You could write to the DevelopersMailingList to see what others think.

[Ramin Farajpour Cami]

Thanks,

First :
i think we should have on docs about use @login_required in request AJAX, i don't see this Note for AJAX request must developer cheat to use @login_required on request AJAX while @login_required is not return content type json or html to client,
​https://docs.djangoproject.com/en/1.10/topics/auth/default/#django.contrib.auth.decorators.login_required,

now for subject this ticket ok i will write to google group

[Tim Graham]

Closing, pending further discussion on the mailing list.