Opened 8 years ago

Closed 5 years ago

#6056 closed New feature (wontfix)

another auth decorator permission_required_or_message propose

Reported by: yong27@… Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords: auth decorator permission_required
Cc: Triage Stage: Design decision needed
Has patch: yes Needs documentation: yes
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no


Decorator "permission_required" is very useful, but when the user is authenticated and do not have the permission, it redirect him to login_url. It seems to be unfamiliar.

I think authenticated user have to see "has no permission" message and redirect to referer url, so I propose permission_required_or_message decorator like as attachment.

Attachments (2) (1.9 KB) - added by yong27@… 8 years ago. (1.9 KB) - added by yong27@… 8 years ago.
sorry, some typo fixed

Download all attachments as: .zip

Change History (7)

Changed 8 years ago by yong27@…

Changed 8 years ago by yong27@…

sorry, some typo fixed

comment:1 Changed 8 years ago by PJCrosier

  • Keywords auth added
  • Needs documentation set
  • Needs tests set
  • Patch needs improvement unset

comment:2 Changed 8 years ago by guettli

  • Triage Stage changed from Unreviewed to Design decision needed

I suggest a different solution: You should be able to pass a message to the login page via HTTP GET.
This does not need a new decorator and could be used for other things, too.

Example for different usage: After Log-Out you could be redirected to the login page and display
there: 'You have been logged out. You can log in again.'.

comment:3 Changed 5 years ago by gabrielhurley

  • Component changed from Contrib apps to contrib.auth

comment:4 Changed 5 years ago by gabrielhurley

  • Severity set to Normal
  • Type set to New feature

comment:5 Changed 5 years ago by Alex

  • Easy pickings unset
  • Resolution set to wontfix
  • Status changed from new to closed
  • UI/UX unset

After discussion with Carl: we're wontfixing this, because the desired behavior on a permission failure is project specific, and thus cannot live in Django, and this decorator can easily live outside of Django.

Note: See TracTickets for help on using tickets.
Back to Top