Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

permission_required decorator not working for me

Tags:

django

django-admin

I can't figure out why the permission required decorator isn't working. I would like to allow access to a view only for staff members. I have tried

@permission_required('request.user.is_staff',login_url="../admin")
def series_info(request):
  ...

and also 

@permission_required('user.is_staff',login_url="../admin")
def series_info(request):
  ...

As the superuser, I can access the view, but any users I create as staff can't access it and are redirected to the login url page. I tested the login_required decorator and that works fine.

like image 437
Mitch Avatar asked Aug 13 '09 00:08

Mitch

2 Answers

permission_required() must be passed a permission name, not a Python expression in a string. Try this instead:

from contrib.auth.decorators import user_passes_test
def staff_required(login_url=None):
    return user_passes_test(lambda u: u.is_staff, login_url=login_url)

@staff_required(login_url="../admin")
def series_info(request)
...

Thanks. That does work. Do you have an example of how to use permission_required? From the documentation docs.djangoproject.com/en/1.0/… and djangobook.com/en/2.0/chapter14 I thought what I had should work.

Re-read the links you posted; permission_required() will test if a user has been granted a particular permission. It does not test the attributes of the user object.

From http://www.djangobook.com/en/2.0/chapter14/:

def vote(request):
    if request.user.is_authenticated() and request.user.has_perm('polls.can_vote'):
        # vote here
    else:
        return HttpResponse("You can't vote in this poll.")

   #
   #
 # # #
  ###
   #

def user_can_vote(user):
    return user.is_authenticated() and user.has_perm("polls.can_vote")

@user_passes_test(user_can_vote, login_url="/login/")
def vote(request):
    # vote here

   #
   #
 # # #
  ###
   #

from django.contrib.auth.decorators import permission_required

@permission_required('polls.can_vote', login_url="/login/")
def vote(request):
    # vote here
like image 198
John Millikin Avatar answered Nov 06 '22 15:11

John Millikin

This is how I would do it:

from django.contrib.admin.views.decorators import staff_member_required

@staff_member_required
def series_info(request):
    ...

The documentation says about staff_member_required:

Decorator for views that checks that the user is logged in and is a staff member, displaying the login page if necessary.

like image 37
wanson Avatar answered Nov 06 '22 17:11

wanson
Sign in to Comment

Related questions

Error: The 'elasticsearch' backend requires the installation of 'requests'. How do I fix it?
facebook - Not getting full friends list with recent changes (app scoped user id may be) [duplicate]
Migration error with Django 1.7.1
how to get a list of all views in a django application?
How heroku run python manage.py migrate?
Validate and get the user using the jwt token inside a view or consumer
Updated (current) recommendation on Rails versus Django? [closed]
name 'settings' is not defined
How can i query for objects in current year , current month in django
Django - set filter field label or verbose_name
django - reorder queryset after slicing it
how to test django registration app process while in development server (no mail)
how to use django-background-tasks
Issue with DecimalField, max_digits of django models
Did you install mysqlclient?
Django Serialization of DateTime Objects within Dictionary
django-rest-framework: __init__() takes exactly 1 argument (2 given)
What is the way to set ipython notebook server parameters when running notebook with django-extensions?
Throw exception after first call
Django - user is_active

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!