I've been working on Brian Beck's original django_cas module, which is
used only for authentication against Yale CAS (Central Authentication
Service). Django_cas relies on the contrib.auth backend for storing
all existing user permissions. The django_cas plugin takes the URL
for /accounts/login/ so it can act as a drop-in replacement/
augmentation for contrib.auth.

I've talked about this issue before but devised a local workaround
with a custom @permission_required. In trying to make it drop in,
_CheckLogin gets in my way.

In __call__(), if the test_func fails, it redirects the user to the
accounts/login URL. The trouble is that test_func is doing both
u.is_authenticated() and u.has_perm(). If u.has_perm fails but we
have a valid user, this sets up the infinite loop.

/accounts/login -> permission failed -> /accounts/login ->
permission failed -> [...]

I can work around it with the following code in decorators.py. Would
this approach be acceptable for integration?

    # requires: from django.http import HttpResponseForbidden
    def __call__(self, request, *args, **kwargs):
        """ Execute the test_function for the end user,
        otherwise, redirect them to an appropriate page """
        if self.test_func(request.user):
            return self.view_func(request, *args, **kwargs)
        path = urlquote(request.get_full_path())
        if request.user.is_authenticated():
            # pushing the user back through the login_url only makes
            # sense if they haven't already done that.
            return HttpResponseForbidden(
                "<h1>Access Forbidden: You do not have rights to %s</h1>"
                % path)
        tup = self.login_url, self.redirect_field_name, path
        return HttpResponseRedirect('%s?%s=%s' % tup)
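
The loop described in the message above and the effect of the proposed change, as a framework-free simulation. This is an added example, not code from the post, Django or django_cas: `User`, `check_login_original`, `check_login_fixed` and `follow` are hypothetical stand-ins, and it assumes a single sign-on login page that sends an already-authenticated user straight back to the protected path.

```python
# Added illustration; all names here are hypothetical stand-ins.
from urllib.parse import quote

LOGIN_URL = "/accounts/login/"   # login URL named in the post
REDIRECT_FIELD = "next"          # assumed redirect field name


class User:
    def __init__(self, authenticated, perms=()):
        self.authenticated = authenticated
        self.perms = set(perms)

    def is_authenticated(self):
        return self.authenticated

    def has_perm(self, perm):
        return perm in self.perms


def check_login_original(user, path, perm):
    """One combined test: every failure is treated as 'not logged in'."""
    if user.is_authenticated() and user.has_perm(perm):
        return 200, None
    return 302, "%s?%s=%s" % (LOGIN_URL, REDIRECT_FIELD, quote(path))


def check_login_fixed(user, path, perm):
    """Authentication failure redirects; authorization failure is a 403."""
    if user.is_authenticated() and user.has_perm(perm):
        return 200, None
    if user.is_authenticated():
        return 403, None
    return 302, "%s?%s=%s" % (LOGIN_URL, REDIRECT_FIELD, quote(path))


def follow(check, user, path, perm, max_hops=5):
    """Follow redirects through the simulated SSO login page and
    return the list of status codes seen, capped at max_hops."""
    trail = []
    for _ in range(max_hops):
        status, _location = check(user, path, perm)
        trail.append(status)
        if status != 302:
            break
        if not user.is_authenticated():
            user.authenticated = True  # SSO login succeeds
    return trail
```

A trail that reaches `max_hops` with nothing but 302s is the redirect loop; the fixed check ends the same request with a single 403.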