Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I raise PermissionDenied Redirect to another page using CBV?

Tags:

django

django-models

django-views

django-forms

I have a model with my permissions, and in my view using CBV(generic.CreateView) or (generic.DetailView), if a user logged has permissions, he can access the view, if hasn't access, the page Forbidden 403 shows.

But, if a user dont have permission for that view, I want raise exception PermissionDenied, and redirect to a specific page for this error.

My view:

class AddJob(LoginRequiredMixin, PermissionRequiredMixin, generic.CreateView)

   permission required = 'can_create_job'
   model = Job
   fields = ['name', 'description', 'salary']
   success_url = reversy_lazy('job_list)
   context_object_name = 'object_name'

Can anyone help me? Thanks

like image 808
Matheus Soares Avatar asked Oct 14 '25 08:10

Matheus Soares

1 Answers

First of all, you can't do both redirection and raise 404 exception.

That is, you could either redirect to some page if the user has no permission or raise an exception.

Case 1 : raise an exception
to raise the exception, you should add raise_exception = True in your view class as,

class AddJob(LoginRequiredMixin, PermissionRequiredMixin, generic.CreateView):
    permission_required = 'can_create_job'
    model = Job
    fields = ['name', 'description', 'salary']
    success_url = reversy_lazy('job_list')
    context_object_name = 'object_name'
    raise_exception = True # Change is here

Case 2 : redirect to specific page
Set login_url in your view,

class AddJob(LoginRequiredMixin, PermissionRequiredMixin, generic.CreateView):
    permission_required = 'can_create_job'
    model = Job
    fields = ['name', 'description', 'salary']
    success_url = reversy_lazy('job_list')
    context_object_name = 'object_name'
    login_url = '/path/to/specific/page'



What will happen if you set both login_url and raise_exception ?

The AccessMixin class has a method handle_no_permission() which is being called to handle this condition.

Source Code

def handle_no_permission(self):
    if self.raise_exception:
        raise PermissionDenied(self.get_permission_denied_message())
    return redirect_to_login(self.request.get_full_path(), self.get_login_url(), self.get_redirect_field_name())

Here you can see, if you set raise_exception = True, django won't consider the login_url

like image 81
JPG Avatar answered Oct 16 '25 21:10

JPG
Sign in to Comment

Related questions

Django Rest Framework: How to pass data to a nested Serializer and create an object only after custom validation
Custom 403 error page in django rest framework
Django: Related model 'users.UserProfile' cannot be resolved
A Python Decimal equivalent isclose method

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!