mirror of
https://github.com/django/django.git
synced 2025-01-19 06:43:15 +00:00
Fixed #24294 -- Allowed staff_member_required decorator to handle args.
This commit is contained in:
parent
4e8b167e4d
commit
08572e8d12
@ -2,13 +2,17 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
from django.contrib.auth.decorators import user_passes_test
|
||||
|
||||
|
||||
def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='admin:login'):
|
||||
def staff_member_required(view_func=None, redirect_field_name=REDIRECT_FIELD_NAME,
|
||||
login_url='admin:login'):
|
||||
"""
|
||||
Decorator for views that checks that the user is logged in and is a staff
|
||||
member, displaying the login page if necessary.
|
||||
member, redirecting to the login page if necessary.
|
||||
"""
|
||||
return user_passes_test(
|
||||
actual_decorator = user_passes_test(
|
||||
lambda u: u.is_active and u.is_staff,
|
||||
login_url=login_url,
|
||||
redirect_field_name=redirect_field_name
|
||||
)(view_func)
|
||||
)
|
||||
if view_func:
|
||||
return actual_decorator(view_func)
|
||||
return actual_decorator
|
||||
|
@ -2125,6 +2125,15 @@ class SecureViewTests(TestCase):
|
||||
self.assertTemplateUsed(response, 'admin/login.html')
|
||||
self.assertEqual(response.context[REDIRECT_FIELD_NAME], secure_url)
|
||||
|
||||
def test_staff_member_required_decorator_works_with_argument(self):
|
||||
"""
|
||||
Ensure that staff_member_required decorator works with an argument
|
||||
(redirect_field_name).
|
||||
"""
|
||||
secure_url = '/test_admin/admin/secure-view2/'
|
||||
response = self.client.get(secure_url)
|
||||
self.assertRedirects(response, '%s?myfield=%s' % (reverse('admin:login'), secure_url))
|
||||
|
||||
|
||||
@override_settings(PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'],
|
||||
ROOT_URLCONF="admin_views.urls")
|
||||
|
@ -5,6 +5,7 @@ from . import admin, custom_has_permission_admin, customadmin, views
|
||||
urlpatterns = [
|
||||
url(r'^test_admin/admin/doc/', include('django.contrib.admindocs.urls')),
|
||||
url(r'^test_admin/admin/secure-view/$', views.secure_view, name='secure_view'),
|
||||
url(r'^test_admin/admin/secure-view2/$', views.secure_view2, name='secure_view2'),
|
||||
url(r'^test_admin/admin/', include(admin.site.urls)),
|
||||
url(r'^test_admin/admin2/', include(customadmin.site.urls)),
|
||||
url(r'^test_admin/admin3/', include(admin.site.get_urls(), 'admin3', 'admin'), dict(form_url='pony')),
|
||||
|
@ -5,3 +5,8 @@ from django.http import HttpResponse
|
||||
@staff_member_required
|
||||
def secure_view(request):
|
||||
return HttpResponse('%s' % request.POST)
|
||||
|
||||
|
||||
@staff_member_required(redirect_field_name='myfield')
|
||||
def secure_view2(request):
|
||||
return HttpResponse('%s' % request.POST)
|
||||
|
Loading…
x
Reference in New Issue
Block a user