How to pass Django request object in user_passes_test decorator callable function
Asked Answered
J

3

23

I am using Django user_passes_test decorator to check the User Permission.

@user_passes_test(lambda u: has_add_permission(u, "project"))
def create_project(request):
......

I am calling a callback function has_add_permission which takes two arguments User and a String. I would like to pass the request object along with it is that possible? Also, can anyone please tell me how are we able to access the User object inside the decorator directly.

Jacobean answered 8/8, 2012 at 20:22 Comment(3)
I'm curious, how did you end up going about this? Did you write your own decorator?Excellence
Instead of using decorators, I am checking for permissions inside the view code itself. It gave me a better control over the view logic.Jacobean
That's what I ended up doing as well. Thanks!Excellence
M
18

No, you cannot pass request to user_passes_test. To understand why and how it works, just head over to the source:

def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Decorator for views that checks that the user passes the given test,
    redirecting to the log-in page if necessary. The test should be a callable
    that takes the user object and returns True if the user passes.
    """

    def decorator(view_func):
        @wraps(view_func, assigned=available_attrs(view_func))
        def _wrapped_view(request, *args, **kwargs):
            if test_func(request.user):
                return view_func(request, *args, **kwargs)
            path = request.build_absolute_uri()
            # If the login url is the same scheme and net location then just
            # use the path as the "next" url.
            login_scheme, login_netloc = urlparse.urlparse(login_url or
                                                        settings.LOGIN_URL)[:2]
            current_scheme, current_netloc = urlparse.urlparse(path)[:2]
            if ((not login_scheme or login_scheme == current_scheme) and
                (not login_netloc or login_netloc == current_netloc)):
                path = request.get_full_path()
            from django.contrib.auth.views import redirect_to_login
            return redirect_to_login(path, login_url, redirect_field_name)
        return _wrapped_view
    return decorator

This is the code behind the user_passes_test decorator. As you can see, the test function passed to the decorator (in your case, lambda u: has_add_permission(u, "project")) is passed just one argument, request.user. Now, it's of course possible to write your own decorator (even copying this code directly and just modifying it) to also pass the request itself, but you can't do it with the default user_passes_test implementation.

Mauriac answered 8/8, 2012 at 20:48 Comment(1)
Thanks Chris. I guess either I have to write a new decorator or do it inside the view code.Jacobean
M
12

Note that Django 1.9 introduced UserPassesTestMixin, which uses a method test_func as test function. This means the request is available in self.request. So you can do something like that:

class MyView(UserPassesTestMixin, View):
    def test_func(self):
        return has_add_permission(self.request.user, self.request)

This only works with class-based views however.

Millstream answered 27/2, 2016 at 20:14 Comment(0)
P
6

I found editing user_passes_test to have the decorated function operate on request rather than request.user not to be overly difficult. I have a short version in this blog post about a view decorator decorator, but for posterity, here's my full edited code:

def request_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Decorator for views that checks that the request passes the given test,
    redirecting to the log-in page if necessary. The test should be a callable
    that takes the request object and returns True if the request passes.
    """

    def decorator(view_func):
        @wraps(view_func, assigned=available_attrs(view_func))
        def _wrapped_view(request, *args, **kwargs):
            if test_func(request):
                return view_func(request, *args, **kwargs)
            path = request.build_absolute_uri()
            # urlparse chokes on lazy objects in Python 3, force to str
            resolved_login_url = force_str(
                resolve_url(login_url or settings.LOGIN_URL))
            # If the login url is the same scheme and net location then just
            # use the path as the "next" url.
            login_scheme, login_netloc = urlparse(resolved_login_url)[:2]
            current_scheme, current_netloc = urlparse(path)[:2]
            if ((not login_scheme or login_scheme == current_scheme) and
                    (not login_netloc or login_netloc == current_netloc)):
                path = request.get_full_path()
            from django.contrib.auth.views import redirect_to_login
            return redirect_to_login(
                path, resolved_login_url, redirect_field_name)
        return _wrapped_view
    return decorator

Pretty much the only thing I did was change if test_func(request.user): to if test_func(request):.

Pontiac answered 26/6, 2014 at 6:35 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.