Fix for infinite redirects caused by lacking permissions, closes #30

simonw · May 16, 2021 · f994437 · f994437
1 parent 1abe5f7
commit f994437
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/django_sql_dashboard/views.py b/django_sql_dashboard/views.py
@@ -53,7 +53,7 @@ class Meta:
         }
 
 
-@permission_required("django_sql_dashboard.execute_sql")
+@permission_required("django_sql_dashboard.execute_sql", raise_exception=True)
 def dashboard_index(request):
     sql_queries = []
     too_long_so_use_post = False

diff --git a/test_project/test_dashboard_permissions.py b/test_project/test_dashboard_permissions.py
@@ -12,6 +12,13 @@ def test_anonymous_users_denied(client):
     assert response.url == "/accounts/login/?next=/dashboard/%3Fsql%3Dselect%2B1"
 
 
+def test_user_without_permission_gets_403(client, dashboard_db):
+    user = User.objects.create(username="noperm", is_active=True, is_staff=True)
+    client.force_login(user)
+    response = client.get("/dashboard/")
+    assert response.status_code == 403
+
+
 def test_superusers_allowed(admin_client, dashboard_db):
     response = admin_client.get("/dashboard/")
     assert response.status_code == 200