Comments (15)
So what do you see as a solution to this, @benbacardi ? Seems unwieldy to have a distinct class variable for each different mixin.
from django-braces.
Yes, it would be unwieldy to have different class variables for each different mixin. Perhaps something like this on the `LoginRequiredMixin`:
```python
class LoginRequiredMixin(AccessMixin):
    """
    View mixin which verifies that the user is authenticated.

    NOTE:
        This should be the left-most mixin of a view, except when
        combined with CsrfExemptMixin - which in that case should
        be the left-most mixin.
    """
    redirect_unauthenticated_users = False

    def dispatch(self, request, *args, **kwargs):
        if not request.user.is_authenticated():
            if self.raise_exception and not self.redirect_unauthenticated_users:
                raise PermissionDenied  # return a forbidden response
            else:
                return redirect_to_login(request.get_full_path(),
                                         self.get_login_url(),
                                         self.get_redirect_field_name())

        return super(LoginRequiredMixin, self).dispatch(
            request, *args, **kwargs)
```
With the above flag, all existing implementations will work fine, but if you have a `LoginRequiredMixin` with any other `AccessMixin`, and `raise_exception` set to `True`, you could add `redirect_unauthenticated_users = True` to allow the `LoginRequiredMixin` to redirect but all other mixins to raise an exception?
from django-braces.
Any reason why you'd ever want to redirect to a login page if the user is logged in and doesn't have permissions to view the page? IMO the current implementation is flawed, every Mixin that checks user attributes should redirect to the login page if the user is not authenticated. If he is logged in but is not authenticated to view the page, simply return a 403 page.
from django-braces.
@Raydiation That's kind of my point, yes - I'd like to be able to throw a 403 if they are logged in and don't have permissions, but redirect to login if they're not logged in.
@kennethlove Any thoughts on my proposed solution?
from django-braces.
I ran into this use case today as well. My user is logged in but not authorized so it's sending them to the login page, which redirects them back to the view ad nauseam until a loop threshold is reached.
@benbacardi's solution seems reasonable to me.
from django-braces.
I used braces thinking that this was possible. Turns out it is not. Has anyone tried to add this feature?
from django-braces.
@ryancurrah @scottwoodall @benbacardi @Raydiation We've been looking into it but haven't settled on an official solution yet. Whatever we do, we'd like it to be backwards-compatible if possible, so we're being a bit more cautious here.
from django-braces.
@kennethlove My solution is backwards compatible, did you have any thoughts on it?
from django-braces.
@benbacardi sorry, I think I missed it! That is a really solid solution.
Mind submitting an actual pull request with tests and docs? :)
from django-braces.
Thanks as well @benbacardi, good solution, using it now!
from django-braces.
This is my solution to address this issue.
```python
from django.core.exceptions import PermissionDenied
from braces.views import (LoginRequiredMixin, PermissionRequiredMixin)


class MyPermissionRequiredMixin(PermissionRequiredMixin):
    def no_permissions_fail(self, request=None):
        if request and request.user.is_authenticated():
            raise PermissionDenied
        return super(MyPermissionRequiredMixin, self).no_permissions_fail(request)


class MyView(LoginRequiredMixin, MyPermissionRequiredMixin):
    ...
    raise_exception = False  # i.e. the default value
```
from django-braces.
I think this issue can be closed now, can't it?
from django-braces.
I was having this same issue and found an even easier solution than [1]:
```python
class MyStaffUserRequiredMixin(StaffuserRequiredMixin):
    raise_exception = True


class MyView(LoginRequiredMixin, MyStaffUserRequiredMixin):
    ...
```
[1] #88 (comment)
from django-braces.
Oops, that didn't actually work, as it also overrode the value in `LoginRequiredMixin`. :(
from django-braces.
For reference, this appears to have been merged in PR #131, and could be closed therefore.
For reference: I have moved the `redirect_unauthenticated_users` attribute to the base class in my PR (#145), which allows for more control of handling the non-authenticated case - which might be interesting for specific use cases mentioned here.
from django-braces.
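The `redirect_unauthenticated_users` proposal and the redirect loop reported in the thread, modelled without Django as an added example (not django-braces code and not from any commenter). The classes are simplified stand-ins; `outcome`, `LegacyView`, `StrictView`, the login URL and the permission name are constructed for illustration.

```python
# Stand-in classes that model the thread's proposal; assumptions, not the library's code.
class PermissionDenied(Exception):
    """Stand-in for django.core.exceptions.PermissionDenied (HTTP 403)."""

class User:
    def __init__(self, authenticated, perms=()):
        self.authenticated, self.perms = authenticated, set(perms)

class BaseView:
    def dispatch(self, user):
        return "200 OK"

class AccessMixin:
    raise_exception = False  # one class variable shared by every access mixin
    login_url = "/login/"    # constructed value
    def redirect_to_login(self):
        return "302 " + self.login_url

class LoginRequiredMixin(AccessMixin):
    redirect_unauthenticated_users = False  # flag proposed in the thread
    def dispatch(self, user):
        if not user.authenticated:
            if self.raise_exception and not self.redirect_unauthenticated_users:
                raise PermissionDenied
            return self.redirect_to_login()
        return super().dispatch(user)

class PermissionRequiredMixin(AccessMixin):
    permission_required = None
    def dispatch(self, user):
        if self.permission_required not in user.perms:
            if self.raise_exception:
                raise PermissionDenied
            return self.redirect_to_login()  # logged-in user bounced to login: the loop
        return super().dispatch(user)

def outcome(view_cls, user):
    """Return the status a client would see for this view and user."""
    try:
        return view_cls().dispatch(user)
    except PermissionDenied:
        return "403 Forbidden"

class LegacyView(LoginRequiredMixin, PermissionRequiredMixin, BaseView):
    permission_required = "reports.view"  # constructed permission name

class StrictView(LegacyView):
    raise_exception = True
    redirect_unauthenticated_users = True
```

With both flags set, only the anonymous user is sent to the login page; an authenticated user who lacks the permission gets a 403 instead of being redirected.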