From e7c870c36ea6f567e7834ce0e74ea0257c8631b7 Mon Sep 17 00:00:00 2001 From: Jacob Kaplan-Moss Date: Fri, 28 Oct 2005 01:30:30 +0000 Subject: [PATCH] Fixed #703: added decorators to require that view be called with a given HTTP REQUEST_METHOD git-svn-id: http://code.djangoproject.com/svn/django/trunk@1016 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/views/decorators/http.py | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/django/views/decorators/http.py b/django/views/decorators/http.py index 13062b630f..b9b6bac757 100644 --- a/django/views/decorators/http.py +++ b/django/views/decorators/http.py @@ -1,9 +1,35 @@ """ -Decorator for views that supports conditional get on ETag and Last-Modified -headers. +Decorators for views based on HTTP headers. """ from django.utils.decorators import decorator_from_middleware from django.middleware.http import ConditionalGetMiddleware +from django.utils.httpwrappers import HttpResponseForbidden conditional_page = decorator_from_middleware(ConditionalGetMiddleware) + +def require_http_methods(request_method_list): + """ + Decorator to make a view only accept particular request methods. Usage:: + + @require_http_methods(["GET", "POST"]) + def my_view(request): + # I can assume now that only GET or POST requests make it this far + # ... + + Note that request methods ARE case sensitive. + """ + def decorator(func): + def inner(request, *args, **kwargs): + method = request.META.get("REQUEST_METHOD", None) + if method not in request_method_list: + raise HttpResponseForbidden("REQUEST_METHOD '%s' not allowed" % method) + return func(request, *args, **kwargs) + return inner + return decorator + +require_GET = require_http_methods(["GET"]) +require_GET.__doc__ = "Decorator to require that a view only accept the GET method." + +require_POST = require_http_methods(["POST"]) +require_POST.__doc__ = "Decorator to require that a view only accept the POST method." \ No newline at end of file