Django - redirect to login page against 403

Question

Django - redirect to login page against 403

Why does Django redirect the user to the login page when trying to access permission protected pages? Doesn't it make sense to raise 403? Then I could display a meaningful message in a 403.html file (using custom middleware) so that the user says that they do not have permissions to perform the action. Also, I could identify links to views that the user should not even represent in the first place or to users trying to access forbidden resources.

+4

django login

Tomas Dec 03 '10 at 21:30

source share

2 answers

For future Googlers, the permission_required decorator accepts an optional raise_exception keyword argument, which will include 403 if the user does not have the appropriate permission.

0

Fush Jul 05 '19 at 2:35

source share

Daniel DiPaolo · Accepted Answer · 2010-12-03T21:38:30+0000

If you are talking about the login_required decorator, there is no reason why you should use this. You can write a similar decorator that did what you need (return 403 answer).

Unfortunately, the login_required decorator code is actually a bit complicated, so it would not be easy to copy or modify for your needs, as part of the redirection is actually in the user_passes_test function that they use.

Django - redirect to login page against 403

More articles: