Authenticate before Authorization
When user is not logged in and given Dashboard has some `permissions` defined, `require_perms` decorator was raising `NotAuthorized('You are not authorized to access %s')` instead of `NotAuthenticated('Please log in to continue.')`. This was caused by the order of decorating the views. The decorator which is applied last is called first in the chain as it wraps the decorators which were applied before. This means that to check for authentication before checking permissions we need to apply the `require_auth` decorator after `require_perms`. Closes-Bug: 1869708 Change-Id: I94d3fa5c1472bb72c9111cab14c6e05180f88589
This commit is contained in:
parent
d8ff9cf0ea
commit
e4fd69292c
|
@ -561,13 +561,13 @@ class Dashboard(Registry, HorizonComponent):
|
|||
urlpatterns.append(
|
||||
url(r'', _wrapped_include(default_panel._decorated_urls)))
|
||||
|
||||
# Require login if not public.
|
||||
if not self.public:
|
||||
_decorate_urlconf(urlpatterns, require_auth)
|
||||
# Apply access controls to all views in the patterns
|
||||
permissions = getattr(self, 'permissions', [])
|
||||
_decorate_urlconf(urlpatterns, require_perms, permissions)
|
||||
_decorate_urlconf(urlpatterns, _current_component, dashboard=self)
|
||||
# Require login if not public.
|
||||
if not self.public:
|
||||
_decorate_urlconf(urlpatterns, require_auth)
|
||||
|
||||
# Return the three arguments to django.conf.urls.include
|
||||
return urlpatterns, self.slug, self.slug
|
||||
|
|
Loading…
Reference in New Issue