Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#29212 closed Bug (fixed)

Redirect loop with @permission_required and redirect_authenticated_user

Reported by: Nick Pope Owned by: Nick Pope
Component: Documentation Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The redirect_authenticated_user option was added by ticket #12233.
When combined with @permission_required and the user does not have the specified permission(s), a redirect loop can occur.

We should document (and add tests) for this behaviour and recommend the following pattern to avoid the issue:

@login_required
@permission_required('permission', raise_exception=True)
def view(request):
    # ...

Documentation to be updated:

Change History (5)

comment:1 Changed 4 years ago by Nick Pope

Component: UncategorizedDocumentation
Has patch: set
Owner: changed from nobody to Nick Pope
Status: newassigned
Type: UncategorizedBug
Version: 2.0master

comment:2 Changed 4 years ago by Tim Graham

Triage Stage: UnreviewedAccepted

comment:3 Changed 4 years ago by Carlton Gibson

Triage Stage: AcceptedReady for checkin

comment:4 Changed 4 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: assignedclosed

In df90e46:

Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.

comment:5 Changed 4 years ago by Tim Graham <timograham@…>

In 61fc315:

[2.0.x] Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.

Backport of df90e462d91d3a77aa89b69d791bf17c2bf7ff9b from master

Note: See TracTickets for help on using tickets.
Back to Top