Access decorators no longer redirect if Ajaxy. [bug 651254]

2011-04-21 19:34:58 -04:00 · 2011-04-21 19:34:58 -04:00 · 774d10b10b
--- a/apps/access/decorators.py
+++ b/apps/access/decorators.py
@ -27,7 +27,8 @@ def user_access_decorator(redirect_func, redirect_url_func, deny_func=None,
    """
    def decorator(view_fn):
        def _wrapped_view(request, *args, **kwargs):
-            if redirect_func(request.user):
+            redirect = redirect_func(request.user)
+            if redirect and not request.is_ajax():
                # We must call reverse at the view level, else the threadlocal
                # locale prefixing doesn't take effect.
                redirect_url = redirect_url_func() or reverse('users.login')
@ -39,8 +40,8 @@ def user_access_decorator(redirect_func, redirect_url_func, deny_func=None,
                        redirect_url, redirect_field, path)

                return HttpResponseRedirect(redirect_url)
-
-            if deny_func and deny_func(request.user):
+            elif ((redirect and request.is_ajax()) or
+                  (deny_func and deny_func(request.user))):
                return HttpResponseForbidden()

            return view_fn(request, *args, **kwargs)
--- a/apps/access/tests/test_decorators.py
+++ b/apps/access/tests/test_decorators.py
@ -38,6 +38,15 @@ class LogoutRequiredTestCase(TestCase):
        eq_(302, response.status_code)
        eq_('/bar', response['location'])

+    def test_no_redirect_ajax(self):
+        """Ajax requests should not redirect."""
+        request = test_utils.RequestFactory().get('/foo')
+        request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
+        request.user = User.objects.get(username='jsocol')
+        view = logout_required(simple_view)
+        response = view(request)
+        eq_(403, response.status_code)
+

 class LoginRequiredTestCase(TestCase):
    fixtures = ['users.json']
@ -79,6 +88,15 @@ class LoginRequiredTestCase(TestCase):
        response = view(request)
        eq_(200, response.status_code)

+    def test_no_redirect_ajax(self):
+        """Ajax requests should not redirect."""
+        request = test_utils.RequestFactory().get('/foo')
+        request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
+        request.user = AnonymousUser()
+        view = login_required(simple_view)
+        response = view(request)
+        eq_(403, response.status_code)
+

 class PermissionRequiredTestCase(TestCase):
    fixtures = ['users.json']
@ -114,3 +132,12 @@ class PermissionRequiredTestCase(TestCase):
        view = permission_required('perm')(simple_view)
        response = view(request)
        eq_(200, response.status_code)
+
+    def test_no_redirect_ajax(self):
+        """Ajax requests should not redirect."""
+        request = test_utils.RequestFactory().get('/foo')
+        request.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
+        request.user = AnonymousUser()
+        view = permission_required('perm')(simple_view)
+        response = view(request)
+        eq_(403, response.status_code)