1
0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00

Fixed #24253 -- Documented staff_member_required decorator.

This commit is contained in:
Andrei Kulakov
2015-03-09 14:50:01 -04:00
committed by Tim Graham
parent b089759d60
commit e8a758e941
2 changed files with 35 additions and 1 deletions

View File

@@ -2717,3 +2717,29 @@ The action in the examples above match the last part of the URL names for
:class:`ModelAdmin` instances described above. The ``opts`` variable can be any
object which has an ``app_label`` and ``model_name`` attributes and is usually
supplied by the admin views for the current model.
.. currentmodule:: django.contrib.admin.views.decorators
The ``staff_member_required`` decorator
=======================================
.. function:: staff_member_required([redirect_field_name=REDIRECT_FIELD_NAME, login_url='admin:login'])
This decorator is used on the admin views that require authorization. A
view decorated with this function will having the following behavior:
* If the user is logged in, is a staff member (``User.is_staff=True``), and
is active (``User.is_active=True``), execute the view normally.
* Otherwise, the request will be redirected to the URL specified by the
``login_url`` parameter, with the originally requested path in a query
string variable specified by ``redirect_field_name``. For example:
``/admin/login/?next=/admin/polls/question/3/``.
Example usage::
from django.contrib.admin.views.decorators import staff_member_required
@staff_member_required
def my_view(request):
...

View File

@@ -485,7 +485,15 @@ The login_required decorator
.. note::
The login_required decorator does NOT check the is_active flag on a user.
The ``login_required`` decorator does NOT check the ``is_active`` flag on a
user.
.. seealso::
If you are writing custom views for Django's admin (or need the same
authorization check that the built-in views use), you may find the
:func:`django.contrib.admin.views.decorators.staff_member_required`
decorator a useful alternative to ``login_required()``.
Limiting access to logged-in users that pass a test
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~