Access decorators no longer redirect if Ajaxy. [bug 651254]

mythmon · Apr 21, 2011 · 774d10b · 774d10b
1 parent e35bd18
commit 774d10b
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 3 deletions.
diff --git a/apps/access/decorators.py b/apps/access/decorators.py
@@ -27,7 +27,8 @@ def user_access_decorator(redirect_func, redirect_url_func, deny_func=None,
     """
     def decorator(view_fn):
         def _wrapped_view(request, *args, **kwargs):
-            if redirect_func(request.user):
+            redirect = redirect_func(request.user)
+            if redirect and not request.is_ajax():
                 # We must call reverse at the view level, else the threadlocal
                 # locale prefixing doesn't take effect.
                 redirect_url = redirect_url_func() or reverse('users.login')
@@ -39,8 +40,8 @@ def _wrapped_view(request, *args, **kwargs):
                         redirect_url, redirect_field, path)
 
                 return HttpResponseRedirect(redirect_url)
-
-            if deny_func and deny_func(request.user):
+            elif ((redirect and request.is_ajax()) or
+                  (deny_func and deny_func(request.user))):
                 return HttpResponseForbidden()
 
             return view_fn(request, *args, **kwargs)

diff --git a/apps/access/tests/test_decorators.py b/apps/access/tests/test_decorators.py
@@ -38,6 +38,15 @@ def test_logged_in_argument(self):
         eq_(302, response.status_code)
         eq_('/bar', response['location'])
 
+    def test_no_redirect_ajax(self):
+        """Ajax requests should not redirect."""
+        request = test_utils.RequestFactory().get('/foo')
+        request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
+        request.user = User.objects.get(username='jsocol')
+        view = logout_required(simple_view)
+        response = view(request)
+        eq_(403, response.status_code)
+
 
 class LoginRequiredTestCase(TestCase):
     fixtures = ['users.json']
@@ -79,6 +88,15 @@ def test_logged_in_inactive_allow(self):
         response = view(request)
         eq_(200, response.status_code)
 
+    def test_no_redirect_ajax(self):
+        """Ajax requests should not redirect."""
+        request = test_utils.RequestFactory().get('/foo')
+        request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
+        request.user = AnonymousUser()
+        view = login_required(simple_view)
+        response = view(request)
+        eq_(403, response.status_code)
+
 
 class PermissionRequiredTestCase(TestCase):
     fixtures = ['users.json']
@@ -114,3 +132,12 @@ def test_logged_in_admin(self):
         view = permission_required('perm')(simple_view)
         response = view(request)
         eq_(200, response.status_code)
+
+    def test_no_redirect_ajax(self):
+        """Ajax requests should not redirect."""
+        request = test_utils.RequestFactory().get('/foo')
+        request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
+        request.user = AnonymousUser()
+        view = permission_required('perm')(simple_view)
+        response = view(request)
+        eq_(403, response.status_code)