Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Django permission_required error message?

Tags:

django

I've added this decorator to one of my views

@permission_required('codename')

When a user visits that page and doesn't have the required permissions, he is redirected the login page, but it doesn't really tell him why he's been redirected there. Worse yet, if he logs in, and still doesn't have the permissions, he's going to be completely clueless as to why he can't access that page!

Isn't there a way I can tap into the messages framework and post an error at the same time?

like image 401
mpen Avatar asked Aug 10 '10 16:08

mpen

4 Answers

Not sure what version of Django you are using, but in Django 1.4 and higher you can use:

from django.contrib.auth.decorators import permission_required

@permission_required('app.permission',raise_exception=True)
def myView(request):
    #your view code

This will raise a 403 exception and if you have a 403.html page at the base of your template folder it will server this out.

If you are using class based views:

from django.views.generic.base import View
from django.contrib.auth.decorators import permission_required
from django.utils.decorators import method_decorator

class MyView(View):

    @method_decorator(permission_required('app.permission',raise_exception=True)
    def get(self, request):
        #your GET view

Hope this helps.

like image 190
Sanjeev Avatar answered Oct 22 '22 07:10

Sanjeev

You can tap into the messages framework and provide an error message. See my answer to an identical question.

like image 24
Manoj Govindan Avatar answered Oct 22 '22 07:10

Manoj Govindan

You could use login_url parameter in this decorator to redirect to some other page, rather than login page. Or you can simply write your own decorator based on the code from django:

def permission_required(perm, login_url=None):
    """
    Decorator for views that checks whether a user has a particular permission
    enabled, redirecting to the log-in page if necessary.
    """
    return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)

Simply change login_url to some redirect_to and it won't cause any confusion.

like image 40
gruszczy Avatar answered Oct 22 '22 06:10

gruszczy

Use @permission_required_or_403('codename')

This will redirect the users to a 403 'permission denied' error page.

like image 1
theycallmemorty Avatar answered Oct 22 '22 06:10

theycallmemorty
Sign in to Comment

Related questions

Unauthorized response to POST request in Django Rest Framework with JWT Token
Python Error : (fields.E304) Reverse accessor for field clashes with reverse accessor for another field
Improve Django queryset performance when using annotate Exists
How to make trailing slash optional in django
Simple JWT add extra field to payload data in token
Getting flake8 returned a non none zero code : 1 in docker
How to implement ldap authentication(without admin credentials) in django
On a django site I am getting socket cluster error
Django.contrib.flatpages without models
Ordering fields inside Inlines in Django Admin
How to fetch the top two products for each product type?
How could I block all non-US IP addresses from access to my website?
how to perform profiling for a website?
How to get restructuredText to add a class to every html <p> tag?
Django: Redirect to current article after comment post
Django-models ForeignKey Objects display Field Name instead of Object Values
Server-side highscores for a Javascript-written game
Generic List View raises Attribute Error: "'function' object has no attribute '_clone'
reddit style voting with django
Python MySQLDB SSL Connection

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!