Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#3784 closed (duplicate)

No (obvious) way to restrict an entire site to logged in users

Reported by: ross@… Owned by: jacob
Component: Uncategorized Version: 0.95
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I have a webapp which I want to restrict access to logged in users only. At the moment my custom views have the @login_required decorator, and I've had to make wrappers for the generic views so that I can decorate those too.

The problem is that as I add views I need to remember to add the decorator, or there is a security hole.

Can there be a trivial way to mark an entire application (or uri space, or something) as login_required?

Change History (4)

comment:1 Changed 8 years ago by mir@…

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to invalid
  • Status changed from new to closed

Please ask at the django-users mailing list; we don't do user support in the ticket system.

comment:2 Changed 8 years ago by Simon G. <dev@…>

  • Resolution invalid deleted
  • Status changed from closed to reopened

comment:3 Changed 8 years ago by Simon G. <dev@…>

  • Resolution set to duplicate
  • Status changed from reopened to closed

#3697 is a duplicate feature request.

comment:4 Changed 8 years ago by Simon G. <dev@…>

In the meantime, Jared Kuolt's written a middleware which does exactly this. You can get it here: http://superjared.com/entry/requiring-login-entire-django-powered-site-redux/

Note: See TracTickets for help on using tickets.
Back to Top