Opened 6 years ago
Last modified 6 years ago
#29977 closed New feature
Allow customizing AccessMixin redirect behaviour. — at Initial Version
| Reported by: | Carlton Gibson | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | 2.1 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Reported on #28379, ref https://code.djangoproject.com/changeset/9b1125bfc7e2dc747128e6e7e8a2259ff1a7d39f.
note: this change made it to v2.1.3 (https://github.com/django/django/releases/tag/2.1.3)
just raising a 403 for authenticated users is not ideal.
it might be better to give users the possibility to redirect to another url instead of just throwing the 403.
in my case I am using a custom mixin in which I redirect authenticated users to another page and show them a message (that they have been redirected due to missing access rights), anonymous users are redirected to login (the default behaviour). after my update to v2.1.3 this does not work anymore...
it might be better if AccessMixin would have a method something like "get_redirect_url" (defaults to "/") to which an authenticated user will be redirected. an anonymous user is redirected to login.