Home/ Questions/Q 309279
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T07:43:38+00:00

I can’t figure out why the permission required decorator isn’t working. I would like

  • 0

I can’t figure out why the permission required decorator isn’t working. I would like to allow access to a view only for staff members. I have tried

@permission_required('request.user.is_staff',login_url="../admin")
def series_info(request):
  ...

and also 

@permission_required('user.is_staff',login_url="../admin")
def series_info(request):
  ...

As the superuser, I can access the view, but any users I create as staff can’t access it and are redirected to the login url page. I tested the login_required decorator and that works fine.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    permission_required() must be passed a permission name, not a Python expression in a string. Try this instead:

    from contrib.auth.decorators import user_passes_test
def staff_required(login_url=None):
    return user_passes_test(lambda u: u.is_staff, login_url=login_url)

@staff_required(login_url="../admin")
def series_info(request)
...

    Thanks. That does work. Do you have an
    example of how to use
    permission_required? From the
    documentation
    docs.djangoproject.com/en/1.0/… and
    djangobook.com/en/2.0/chapter14 I
    thought what I had should work.

    Re-read the links you posted; permission_required() will test if a user has been granted a particular permission. It does not test the attributes of the user object.

    From http://www.djangobook.com/en/2.0/chapter14/:

    def vote(request):
    if request.user.is_authenticated() and request.user.has_perm('polls.can_vote'):
        # vote here
    else:
        return HttpResponse("You can't vote in this poll.")

   #
   #
 # # #
  ###
   #

def user_can_vote(user):
    return user.is_authenticated() and user.has_perm("polls.can_vote")

@user_passes_test(user_can_vote, login_url="/login/")
def vote(request):
    # vote here

   #
   #
 # # #
  ###
   #

from django.contrib.auth.decorators import permission_required

@permission_required('polls.can_vote', login_url="/login/")
def vote(request):
    # vote here
    • 0