summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorNick Pope <nick.pope@flightdataservices.com>2018-03-12 15:48:46 +0000
committerTim Graham <timograham@gmail.com>2018-04-19 11:07:53 -0400
commit61fc315230d001faeebf5359308563023ada4948 (patch)
tree4fe0fe28636915736220d6da46ea8e2cc5ba2c12 /docs
parent0d2ec8db483a900c27b8fada30688ef8f25cecfa (diff)
[2.0.x] Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.
Backport of df90e462d91d3a77aa89b69d791bf17c2bf7ff9b from master
Diffstat (limited to 'docs')
-rw-r--r--docs/topics/auth/default.txt8
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt
index aedf61dc9f..24390757ee 100644
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@@ -716,6 +716,10 @@ The ``permission_required`` decorator
def my_view(request):
...
+ This also avoids a redirect loop when :class:`.LoginView`'s
+ ``redirect_authenticated_user=True`` and the logged-in user doesn't have
+ all of the required permissions.
+
.. currentmodule:: django.contrib.auth.mixins
The ``PermissionRequiredMixin`` mixin
@@ -991,6 +995,10 @@ implementation details see :ref:`using-the-views`.
<https://robinlinus.github.io/socialmedia-leak/>`_" information
leakage, host all images and your favicon on a separate domain.
+ Enabling ``redirect_authenticated_user`` can also result in a redirect
+ loop when using the :func:`.permission_required` decorator
+ unless the ``raise_exception`` parameter is used.
+
* ``success_url_allowed_hosts``: A :class:`set` of hosts, in addition to
:meth:`request.get_host() <django.http.HttpRequest.get_host>`, that are
safe for redirecting after login. Defaults to an empty :class:`set`.