#4617: permission_required decorator behaviour is odd
-----------------------------------------+----------------------------------
Reporter: cbr...@redback.com | Owner: ctrochalakis
Status: assigned | Milestone:
Component: Contrib apps | Version: SVN
Resolution: | Keywords: easy-pickings
Stage: Accepted | Has_patch: 1
Needs_docs: 1 | Needs_tests: 0
Needs_better_patch: 1 |
-----------------------------------------+----------------------------------
Comment (by hvdklauw):
To me it doesn't seem obvious that the permission required checks if you
are logged in first.
With the whole change to authentication backends so anonymous users can
have permissions the logic should be that you check the permission first
and if the user does not have the permission and they are not logged in go
to the login page, else show a 403 (Which really should be added together
with a handler imho)
--
Ticket URL: <http://code.djangoproject.com/ticket/4617#comment:19>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-upda...@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
