Code

Opened 7 years ago

Closed 3 years ago

#6056 closed New feature (wontfix)

another auth decorator permission_required_or_message propose

Reported by: yong27@… Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords: auth decorator permission_required
Cc: Triage Stage: Design decision needed
Has patch: yes Needs documentation: yes
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Decorator "permission_required" is very useful, but when the user is authenticated and do not have the permission, it redirect him to login_url. It seems to be unfamiliar.

I think authenticated user have to see "has no permission" message and redirect to referer url, so I propose permission_required_or_message decorator like as attachment.

Attachments (2)

contrib_auth_decorators.py.diff (1.9 KB) - added by yong27@… 7 years ago.
contrib_auth_decorators.py.2.diff (1.9 KB) - added by yong27@… 7 years ago.
sorry, some typo fixed

Download all attachments as: .zip

Change History (7)

Changed 7 years ago by yong27@…

Changed 7 years ago by yong27@…

sorry, some typo fixed

comment:1 Changed 6 years ago by PJCrosier

  • Keywords auth added
  • Needs documentation set
  • Needs tests set
  • Patch needs improvement unset

comment:2 Changed 6 years ago by guettli

  • Triage Stage changed from Unreviewed to Design decision needed

I suggest a different solution: You should be able to pass a message to the login page via HTTP GET.
This does not need a new decorator and could be used for other things, too.

Example for different usage: After Log-Out you could be redirected to the login page and display
there: 'You have been logged out. You can log in again.'.

comment:3 Changed 3 years ago by gabrielhurley

  • Component changed from Contrib apps to contrib.auth

comment:4 Changed 3 years ago by gabrielhurley

  • Severity set to Normal
  • Type set to New feature

comment:5 Changed 3 years ago by Alex

  • Easy pickings unset
  • Resolution set to wontfix
  • Status changed from new to closed
  • UI/UX unset

After discussion with Carl: we're wontfixing this, because the desired behavior on a permission failure is project specific, and thus cannot live in Django, and this decorator can easily live outside of Django.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.