Login

Auth decorators with 403 - Django 1.11

Author:
raphaelfv
Posted:
May 23, 2018
Language:
Python
Version:
1.10
Tags:
auth user_passes_test 403 permission_required
Score:
0 (after 0 ratings)

This decorator is based on user_passes_test, but when a user is logged in and fails the test, it will render a 403 error instead of redirecting to login - only anonymous users will be asked to login. Version working with Django 1.11, based on version found on [https://djangosnippets.org/snippets/254/] , which is deprecated.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
#-- Based on https://djangosnippets.org/snippets/254/
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.shortcuts import render
from django.http import HttpResponseRedirect
from urllib import quote

def user_passes_test_with_403(test_func, login_url=None):
    """
    Decorator for views that checks that the user passes the given test.

    Anonymous users will be redirected to login_url, while users that fail
    the test will be given a 403 error.
    """
    if not login_url:
        from django.conf import settings
        login_url = settings.LOGIN_URL
    def _dec(view_func):
        def _checklogin(request, *args, **kwargs):
            if test_func(request.user):
                return view_func(request, *args, **kwargs)
            elif not request.user.is_authenticated():
                return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME,  quote(request.get_full_path())))
            else:
                resp = render(request,'html/403.html', context={})
                resp.status_code = 403
                return resp
        _checklogin.__doc__ = view_func.__doc__
        _checklogin.__dict__ = view_func.__dict__
        return _checklogin
    return _dec

More like this

Comments

Please login first before commenting.