Django - redirect to login page vs. 403

Why does Django redirects user to login page when trying to access pages protected by permissions? Wouldn't it make more sense to raise 403? Then I could display meaningful message in 403.html (using custom middleware) to user saying they don't have permissions to perform the action. Also I would be able to identify links to views that user shouldn't even be presented with at first place or users trying to access forbidden resources.

Answers


If you're talking about the login_required decorator, there's no reason you have to use that. You could write a similar decorator that did the very thing you're looking for (return a 403 response).

Unfortunately, the login_required decorator code is actually somewhat complex so it wouldn't be trivial to just copy/modify for your needs, as the redirect portion is actually within the user_passes_test function that they use.


Need Your Help

The best way of creating a simple voting system

database data client-side server-side

I want to create a simple voting system, where people can vote for a candidate and the the votes for each candidate gets displayed on the website dynamically.

Other examples of magical calculations

performance language-agnostic math

I have seen this topic here about John Carmack's magical way to calculate square root, which refers to this article: http://www.codemaestro.com/reviews/9. This surprised me a lot, I just didn't ever