id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
27483	Add a login_required decorator for AJAX requests	Ramin Farajpour Cami	Ramin Farajpour Cami	"Hi,

if users use the `@login_required` decorator or perform manually a redirect to a form on AJAX request , when an Ajax call is made the user is logged in, here is: 

check users,
{{{
from functools import wraps
from django.core.exceptions import PermissionDenied


def ajax_login_required(function):
    def wrap(request, *args, **kwargs):
        if request.user.is_authenticated():
            return function(request, *args, **kwargs)
        return PermissionDenied ## or 401 == not authenticated
    wrap.__doc__ = function.__doc__
    wrap.__name__ = function.__name__
    return wrap
}}}

raise PermissionDenied will cause a `403 `status code or `401  Unauthorized` to be returned to the client,

check superusers:

{{{
from functools import wraps
from django.core.exceptions import PermissionDenied


def ajax_admin_required(function):
    def wrap(request, *args, **kwargs):
        if request.user.is_authenticated() and request.user.is_superuser:
            return function(request, *args, **kwargs)
        return PermissionDenied ## or 401 == not authenticated
    wrap.__doc__ = function.__doc__
    wrap.__name__ = function.__name__
    return wrap
}}}



"	New feature	closed	contrib.auth	1.10	Normal	wontfix			Unreviewed	0	0	0	0	0	0