In another thread [1] James Bennett suggested to use a middleware to
require login for all views. That is indeed a very simple and elegant
way. Here's the code I ended up with:

from django.contrib.auth.decorators import login_required
from django.conf import settings

public_paths = ['/accounts/register/',
                '/accounts/login/',
                '/accounts/logout/',]

class AuthRequiredMiddleware(object):
    def process_view(self, request, view_func, view_args,
view_kwargs):
        if request.path.startswith(settings.MEDIA_URL) or request.path
in public_paths:
            return None
        else:
            return login_required(view_func)(request, *view_args,
**view_kwargs)


Cheers!

Julien


[1] 
http://groups.google.com/group/django-users/browse_thread/thread/2ab080ac86d9b820/b59196f5a0ecbd85#b59196f5a0ecbd85



On May 21, 11:19 am, Julien <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I have a site where pretty much all views (except for register, login
> and logout) require the user to log in. Now that the number of views
> has grown I'd like to test that I didn't forget to protect them with
> the login_required decorator.
>
> I'm looking for an automated way to do that. Is that achievable, and
> if so, how?
>
> I've started looking into unit testing but I'm struggling a bit and
> I'm not sure if that could do the trick. What I'd like to do is test
> all possible urls from the URLConf and spot those that are not
> redirected to the login page.
>
> Any hint?
>
> Thank you,
>
> Julien
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to