search

AACEngineering / django-permissions-auditor

Tool to audit access control on your django app.
https://django-permissions-auditor.readthedocs.io/en/latest/
MIT License
20 stars 4 forks source link

Detects login_required through @method_decorator #1

Closed sidneijp closed 4 years ago

sidneijp commented 4 years ago

Hi,

I'm started using it recently and notice that in cases where Django's CBVs are used with from django.utils.decorators.method_decorator it does not work. You can see such behavior in django.contrib.auth.view.

https://github.com/django/django/blob/master/django/contrib/auth/views.py

Have you are tried to cover this "case"?

P.S.: great project, very useful. I'll certainly keep using it in my projects hahahaha

kluchrj commented 4 years ago

I initially avoided creating processors for decorators on class based views since it didn't seem like a common use case (using mixins on classes seems much cleaner imo).

However since Django itself uses them I'll see if I can add support for it. I'll also try to get nested decorator support working while I'm at it.

kluchrj commented 4 years ago

I've released 1.0.0 which adds support for @method_decorator and decorator nesting. It turned out to be quite complex, so let me know if you encounter any cases where it doesn't detect properly.