[Django] #25169: permission_required decorator should only redirect to 403 if user is not logged in
Django
logged in
-------------------------------+--------------------
Reporter: aithusa | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.8
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Related to #4617
As suggested by hvdklauw
[https://code.djangoproject.com/ticket/4617#comment:19 here], it would be
better if the permission_required decorator does not redirect users to 403
immediately without letting them log in as the user may be confused and
not know that they were required to log in. I think it would be useful and
less confusion for both developer and users.
--
Ticket URL: <https://code.djangoproject.com/ticket/25169>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
in
-------------------------------+--------------------------------------
Reporter: aithusa | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.8
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by aithusa):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
--
Ticket URL: <https://code.djangoproject.com/ticket/25169#comment:1>
Django
in
-------------------------------+--------------------------------------
Reporter: aithusa | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.8
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by timgraham):
That makes some sense, however, backwards compatibility could be an issue.
What about stacking `@login_required` before `@permission_required` if you
need this behavior?
--
Ticket URL: <https://code.djangoproject.com/ticket/25169#comment:2>
Django
in
-------------------------------+--------------------------------------
Reporter: aithusa | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.8
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by aithusa):
That's what I did eventually after some googling. If this is not possible
to add/fix, would it be possible to putting this on the documentation as I
expect quite a few people would like to have such behaviour. Cheers.
--
Ticket URL: <https://code.djangoproject.com/ticket/25169#comment:3>
Django
--------------------------------------+------------------------------------
Reporter: aithusa | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: Documentation | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* component: Uncategorized => Documentation
* type: Uncategorized => Cleanup/optimization
* stage: Unreviewed => Accepted
Comment:
Sure, care to offer a patch?
--
Ticket URL: <https://code.djangoproject.com/ticket/25169#comment:4>
Django
--------------------------------------+------------------------------------
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by bxm156):
* status: new => assigned
* owner: nobody => bxm156
--
Ticket URL: <https://code.djangoproject.com/ticket/25169#comment:5>
Django
--------------------------------------+------------------------------------
Reporter: aithusa | Owner: bxm156
Type: Cleanup/optimization | Status: assigned
Component: Documentation | Version: 1.8
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by bxm156):
* has_patch: 0 => 1
Comment:
I found the wording of the description rather confusing. I think I
understand what the original author was commenting on, and I created a
pull request based on my understanding. If I understood the ticket wrong,
please let me know.
Pull Request:
https://github.com/django/django/pull/5522
--
Ticket URL: <https://code.djangoproject.com/ticket/25169#comment:6>
Django
--------------------------------------+------------------------------------
Reporter: aithusa | Owner: bxm156
Component: Documentation | Version: 1.8
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"9788625277b85596302bbf2c39cf829b7a766a4f" 9788625]:
{{{
#!CommitTicketReference repository=""
revision="9788625277b85596302bbf2c39cf829b7a766a4f"
Fixed #25169 -- Documented stacking of permission_required and
login_required.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/25169#comment:7>
Django
--------------------------------------+------------------------------------
Reporter: aithusa | Owner: bxm156
Type: Cleanup/optimization | Status: closed
Component: Documentation | Version: 1.8
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"16c1075d335c4dbe84b0ef634b95b8a2eca1691d" 16c1075]:
{{{
#!CommitTicketReference repository=""
revision="16c1075d335c4dbe84b0ef634b95b8a2eca1691d"
[1.8.x] Fixed #25169 -- Documented stacking of permission_required and
login_required.
Backport of 9788625277b85596302bbf2c39cf829b7a766a4f from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/25169#comment:8>
Django
--------------------------------------+------------------------------------
Reporter: aithusa | Owner: bxm156
Type: Cleanup/optimization | Status: closed
Component: Documentation | Version: 1.8
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"8e23527075b15704451e3d51bf776e3fda8b09e7" 8e23527]:
{{{
#!CommitTicketReference repository=""
revision="8e23527075b15704451e3d51bf776e3fda8b09e7"
[1.9.x] Fixed #25169 -- Documented stacking of permission_required and
login_required.
Backport of 9788625277b85596302bbf2c39cf829b7a766a4f from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/25169#comment:9>