#28379: Improve handling lack of permissions in AccessMixin
-------------------------------+-----------------------------------------
     Reporter:  Dylan Verheul  |                    Owner:  nobody
         Type:  Bug            |                   Status:  new
    Component:  contrib.auth   |                  Version:  1.11
     Severity:  Normal         |               Resolution:
     Keywords:  permissions    |             Triage Stage:  Someday/Maybe
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+-----------------------------------------

Comment (by Dylan Verheul):

Thanks for clarifying, Tim. I checked `django-braces`, no issues filed there as far as I can see. Of course, core Django has a much wider audience than django-braces ever had (with all due respect, former `django-braces` user here, very happy to see their ideas pulled into the main project).

Fact is that the default settings of Django now result in an infinite redirect to the login view if an authenticated user hits an AccessMixin and fails the conditions. That should be fixed at least.

If changing the default value is too big a change, I'd vote to at least raise PermissionDenied when an authenticated user hits AccessMixin without meeting the conditions. Redirecting an authenticated user to the login page does not make any sense.

--
Ticket URL: <https://code.djangoproject.com/ticket/28379#comment:5>