#29977: Allow customizing AccessMixin redirect
--------------------------------+--------------------------------------
Reporter: Carlton Gibson | Owner: nobody
Type: New feature | Status: closed
Component: contrib.auth | Version: 2.1
Severity: Normal | Resolution: needsinfo
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+--------------------------------------
Changes (by Tim Graham):
* status: new => closed
* type: Uncategorized => New feature
* resolution: => needsinfo
Old description:
> Reported on #28379, ref
> https://code.djangoproject.com/changeset/9b1125bfc7e2dc747128e6e7e8a2259ff1a7d39f.
>
> > note: this change made it to v2.1.3
> (https://github.com/django/django/releases/tag/2.1.3)
> >
> > just raising a 403 for authenticated users is not ideal.
> >
> > it might be better to give users the possibility to redirect to another
> url instead of just throwing the 403.
> >
> > in my case I am using a custom mixin in which I redirect authenticated
> users to another page and show them a message (that they have been
> redirected due to missing access rights), anonymous users are redirected
> to login (the default behaviour). after my update to v2.1.3 this does not
> work anymore...
> >
> > it might be better if AccessMixin would have a method something like
> "get_redirect_url" (defaults to "/") to which an authenticated user will
> be redirected. an anonymous user is redirected to login.
New description:
Reported on #28379, ref 9b1125bfc7e2dc747128e6e7e8a2259ff1a7d39f.
>
> just raising a 403 for authenticated users is not ideal.
>
> it might be better to give users the possibility to redirect to another
url instead of just throwing the 403.
>
> in my case I am using a custom mixin in which I redirect authenticated
users to another page and show them a message (that they have been
redirected due to missing access rights), anonymous users are redirected
to login (the default behaviour). after my update to v2.1.3 this does not
work anymore...
>
> it might be better if AccessMixin would have a method something like
"get_redirect_url" (defaults to "/") to which an authenticated user will
be redirected. an anonymous user is redirected to login.
--
Comment:
Without the reporter's code, it's not clear to me why overriding
`AccessMixin.handle_no_permission()` isn't sufficient.
--
Ticket URL: <https://code.djangoproject.com/ticket/29977#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/071.72029f384a6027401edf625534ca3b74%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
