Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#3784 closed (duplicate)

No (obvious) way to restrict an entire site to logged in users

Reported by: ross@… Owned by: Jacob
Component: Uncategorized Version: 0.95
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I have a webapp which I want to restrict access to logged in users only. At the moment my custom views have the @login_required decorator, and I've had to make wrappers for the generic views so that I can decorate those too.

The problem is that as I add views I need to remember to add the decorator, or there is a security hole.

Can there be a trivial way to mark an entire application (or uri space, or something) as login_required?

Change History (4)

comment:1 Changed 10 years ago by mir@…

Resolution: invalid
Status: newclosed

Please ask at the django-users mailing list; we don't do user support in the ticket system.

comment:2 Changed 10 years ago by Simon G. <dev@…>

Resolution: invalid
Status: closedreopened

comment:3 Changed 10 years ago by Simon G. <dev@…>

Resolution: duplicate
Status: reopenedclosed

#3697 is a duplicate feature request.

comment:4 Changed 10 years ago by Simon G. <dev@…>

In the meantime, Jared Kuolt's written a middleware which does exactly this. You can get it here: http://superjared.com/entry/requiring-login-entire-django-powered-site-redux/

Note: See TracTickets for help on using tickets.
Back to Top