Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.

2025-08-04 02:48:35 +00:00 · 2018-03-12 15:48:46 +00:00 · 2018-03-12 15:48:46 +00:00 · df90e462d9
commit df90e462d9
parent c2598a6f4d
3 changed files with 58 additions and 2 deletions
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@ -712,6 +712,10 @@ The ``permission_required`` decorator
        def my_view(request):
            ...

+    This also avoids a redirect loop when :class:`.LoginView`'s
+    ``redirect_authenticated_user=True`` and the logged-in user doesn't have
+    all of the required permissions.
+
 .. currentmodule:: django.contrib.auth.mixins

 The ``PermissionRequiredMixin`` mixin
@ -981,6 +985,10 @@ implementation details see :ref:`using-the-views`.
        <https://robinlinus.github.io/socialmedia-leak/>`_" information
        leakage, host all images and your favicon on a separate domain.

+        Enabling ``redirect_authenticated_user`` can also result in a redirect
+        loop when using the :func:`.permission_required` decorator
+        unless the ``raise_exception`` parameter is used.
+
    * ``success_url_allowed_hosts``: A :class:`set` of hosts, in addition to
      :meth:`request.get_host() <django.http.HttpRequest.get_host>`, that are
      safe for redirecting after login. Defaults to an empty :class:`set`.