3👍
The desired behavior is the default since 2.1, so the other answers are obsolete:
Changed in 2.1: In older versions, authenticated users who lacked permissions were redirected to the login page (which resulted in a loop) instead of receiving an HTTP 403 Forbidden response. [src]
5👍
For many cases raising 403 for unauthenticated users is the expected behaviour. So yes, you need a custom mixin:
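    from django.contrib.auth.mixins import PermissionRequiredMixin
    from django.contrib.auth.views import redirect_to_login
    from django.core.exceptions import PermissionDenied

    class LoggedInPermissionsMixin(PermissionRequiredMixin):
        def dispatch(self, request, *args, **kwargs):
            # is_authenticated is a property since Django 1.10; calling it fails on 2.0+
            if not self.request.user.is_authenticated:
                return redirect_to_login(self.request.get_full_path(),
                                         self.get_login_url(), self.get_redirect_field_name())
            if not self.has_permission():
                # We could also use "return self.handle_no_permission()" here
                raise PermissionDenied(self.get_permission_denied_message())
            return super(LoggedInPermissionsMixin, self).dispatch(request, *args, **kwargs)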
3👍
I wanted to add a comment, but my reputation does not allow it. How about the following? I feel the below is more readable.
Updated after comments
My reasoning is: you basically write a modified dispatch from LoginRequiredMixin and just set raise_exception = True. PermissionRequiredMixin will raise PermissionDenied when the correct permissions are not met.
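    from django.contrib.auth.mixins import PermissionRequiredMixin
    from django.contrib.auth.views import redirect_to_login

    class LoggedInPermissionsMixin(PermissionRequiredMixin):
        raise_exception = True

        def dispatch(self, request, *args, **kwargs):
            # is_authenticated is a property since Django 1.10; calling it fails on 2.0+
            if not self.request.user.is_authenticated:
                return redirect_to_login(self.request.get_full_path(),
                                         self.get_login_url(),
                                         self.get_redirect_field_name())
            return super(LoggedInPermissionsMixin, self).dispatch(request, *args, **kwargs)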
3👍
Simplest solution seems to be a custom view mixin.
Something like that:
    from django.contrib.auth.mixins import PermissionRequiredMixin

    class PermissionsMixin(PermissionRequiredMixin):
        def handle_no_permission(self):
            # is_authenticated is a property since Django 1.10; calling it fails on 2.0+
            self.raise_exception = self.request.user.is_authenticated
            return super(PermissionsMixin, self).handle_no_permission()

Or, just use PermissionRequiredMixin as usual and put this handle_no_permission in every CBV.