Fixed #4617 -- Added `raise_exception` option to `permission_required`...

from functools import wraps

from django.conf import settings

from django.contrib.auth import REDIRECT_FIELD_NAME

from django.core.exceptions import PermissionDenied

from django.utils.decorators import available_attrs

    return actual_decorator

def permission_required(perm, login_url=None):

def permission_required(perm, login_url=None, raise_exception=False):

    """

    Decorator for views that checks whether a user has a particular permission

    enabled, redirecting to the log-in page if necessary.

    enabled, redirecting to the log-in page if neccesary.

    If the raise_exception parameter is given the PermissionDenied exception

    is raised.

    """

    return user_passes_test(lambda u: u.has_perm(perm), login_url=login_url)

    def check_perms(user):

        # First check if the user has the permission (even anon users)

        if user.has_perm(perm):

            return True

        # In case the 403 handler should be called raise the exception

        if raise_exception:

            raise PermissionDenied

        # As the last resort, show the login form

        return False

    return user_passes_test(check_perms, login_url=login_url)

            return HttpResponse("You can't vote in this poll.")

        # ...

.. function:: user_passes_test()

.. function:: user_passes_test(func, [login_url=None])

    As a shortcut, you can use the convenient ``user_passes_test`` decorator::

The permission_required decorator

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. function:: permission_required()

.. function:: permission_required([login_url=None, raise_exception=False])

    It's a relatively common task to check whether a user has a particular

    permission. For that reason, Django provides a shortcut for that case: the

    As in the :func:`~decorators.login_required` decorator, ``login_url``

    defaults to :setting:`settings.LOGIN_URL <LOGIN_URL>`.

    .. versionchanged:: 1.4

    Added ``raise_exception`` parameter. If given, the decorator will raise

    :exc:`~django.core.exceptions.PermissionDenied`, prompting

    :ref:`the 403 (HTTP Forbidden) view<http_forbidden_view>` instead of

    redirecting to the login page.

.. currentmodule:: django.contrib.auth

Limiting access to generic views

.. _django/contrib/auth/backends.py: http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/backends.py

.. _anonymous_auth:

Authorization for anonymous users

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        # TODO: Log in with right permissions and request the page again

    def test_view_with_permissions_exception(self):

        "Request a page that is protected with @permission_required but raises a exception"

        # Get the page without logging in. Should result in 403.

        response = self.client.get('/test_client/permission_protected_view_exception/')

        self.assertEquals(response.status_code, 403)

        # Log in

        login = self.client.login(username='testclient', password='password')

        self.assertTrue(login, 'Could not log in')

        # Log in with wrong permissions. Should result in 403.

        response = self.client.get('/test_client/permission_protected_view_exception/')

        self.assertEquals(response.status_code, 403)

    def test_view_with_method_permissions(self):

        "Request a page that is protected with a @permission_required method"

    (r'^login_protected_method_view/$', views.login_protected_method_view),

    (r'^login_protected_view_custom_redirect/$', views.login_protected_view_changed_redirect),

    (r'^permission_protected_view/$', views.permission_protected_view),

    (r'^permission_protected_view_exception/$', views.permission_protected_view_exception),

    (r'^permission_protected_method_view/$', views.permission_protected_method_view),

    (r'^session_view/$', views.session_view),

    (r'^broken_view/$', views.broken_view),

    return HttpResponse(t.render(c))

login_protected_view_changed_redirect = login_required(redirect_field_name="redirect_to")(login_protected_view_changed_redirect)

def permission_protected_view(request):

def _permission_protected_view(request):

    "A simple view that is permission protected."

    t = Template('This is a permission protected test. '

                 'Username is {{ user.username }}. '

                 name='Permissions Template')

    c = Context({'user': request.user})

    return HttpResponse(t.render(c))

permission_protected_view = permission_required('modeltests.test_perm')(permission_protected_view)

permission_protected_view = permission_required('modeltests.test_perm')(_permission_protected_view)

permission_protected_view_exception = permission_required('modeltests.test_perm', raise_exception=True)(_permission_protected_view)

class _ViewManager(object):

    @method_decorator(login_required)