Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#3784 closed (duplicate)

No (obvious) way to restrict an entire site to logged in users

Reported by: ross@… Owned by: Jacob
Component: Uncategorized Version: 0.95
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I have a webapp which I want to restrict access to logged in users only. At the moment my custom views have the @login_required decorator, and I've had to make wrappers for the generic views so that I can decorate those too.

The problem is that as I add views I need to remember to add the decorator, or there is a security hole.

Can there be a trivial way to mark an entire application (or uri space, or something) as login_required?

Change History (4)

comment:1 by mir@…, 18 years ago

Resolution: invalid
Status: newclosed

Please ask at the django-users mailing list; we don't do user support in the ticket system.

comment:2 by Simon G. <dev@…>, 18 years ago

Resolution: invalid
Status: closedreopened

comment:3 by Simon G. <dev@…>, 18 years ago

Resolution: duplicate
Status: reopenedclosed

#3697 is a duplicate feature request.

comment:4 by Simon G. <dev@…>, 18 years ago

In the meantime, Jared Kuolt's written a middleware which does exactly this. You can get it here: http://superjared.com/entry/requiring-login-entire-django-powered-site-redux/

Note: See TracTickets for help on using tickets.
Back to Top