id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
4617	permission_required decorator behaviour is odd	cbrand@…	ctrochalakis	"The permission_required() decorator is a great idea, but in practice its behaviour is odd.

When used, it first checks whether the user is logged in. If they're not, it redirects to the login page. So far, so good.

If they are logged in, it then checks whether they have been granted the specified permission. If they have, it calls the view function and displays the result. Also good.

If they're logged in but don't have the specified permission, it redirects to the login page. This is odd. Sure, they might have another user id they can use, but that sounds unusual to me. In most cases, this is just going to confuse them because they're already logged in.

Surely it would make more sense to return a HttpResponseForbidden in this case, even if the code to achieve that is a little more complex.
"	Bug	closed	contrib.auth	dev	Normal	fixed	easy-pickings dceu2011	Tom Christie	Ready for checkin	1	0	0	0	1	0