On Wednesday, April 27, 2016 at 9:55:57 AM UTC+1, guettli wrote:
>
> Am Dienstag, 26. April 2016 16:27:32 UTC+2 schrieb Alasdair Nicol:
>>
>> I haven't needed to explain why permission has been granted, but I have
>> had admins asking me why a user is getting permission denied for a
>> particular
Hi all,
I agree with Thomas here, we shouldn't give any detail to the user
blocked because of permission configuration. We should however log
that somewhere like django-rules-light for the admin.
BTW This proposal looks great, keep up the good work B)
James
--
You received this message because
Am Dienstag, 26. April 2016 16:27:32 UTC+2 schrieb Alasdair Nicol:
>
> I haven't needed to explain why permission has been granted, but I have
> had admins asking me why a user is getting permission denied for a
> particular view. To answer that, you would
>
> 1. Get the url
> 2. Resolve that t
I haven't needed to explain why permission has been granted, but I have had
admins asking me why a user is getting permission denied for a particular
view. To answer that, you would
1. Get the url
2. Resolve that to a view
3. Look up the view in the correct views.py, and check which permissions
I would like to decouple the permission checking in django.
Current draw-back: If you use decorators like [login_required][1], then
you can't know in advance whether a user has the permission to do so or not.
I would like to split this into two steps:
1. check permissions
1. call the view.
