AACEngineering / django-permissions-auditor

Tool to audit access control on your django app.
https://django-permissions-auditor.readthedocs.io/en/latest/
MIT License

django-oscar #6

Open jayvdb opened 3 years ago

jayvdb commented 3 years ago

https://github.com/django-oscar/django-oscar views are all marked as "login required" = red, when they should almost all be detected as login required.

kluchrj commented 3 years ago

I'm not very familiar with django-oscar, but it seems that they use their own permission system that does not leverage the stock Django mixins and decorators (which is the only system this project supports out of the box).

To detect oscar views correctly, you would need to write your own permissions processor.

From my quick glance at the oscar code, they use their own permissions_required decorator that calls Django's user_passes_test function (see this class for an example of how permissions auditor processes that).
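The detection idea behind such a processor, as an added example that is not code from django-permissions-auditor, Django or oscar: follow a decorated view's `__wrapped__` chain and read the permission list out of the test function's closure. The two decorators are constructed stand-ins that only mimic the shape described in the comment above; `audit_view`, the sample views and the permission names are hypothetical.

```python
import functools
import inspect

# Constructed stand-ins, not Django's or oscar's code: a project-specific
# permissions_required that delegates to a user_passes_test-style wrapper.
def user_passes_test(test_func):
    def decorator(view_func):
        @functools.wraps(view_func)  # sets __wrapped__, which the audit follows
        def _wrapped(request, *args, **kwargs):
            if test_func(request.user):
                return view_func(request, *args, **kwargs)
            return "redirect-to-login"
        return _wrapped
    return decorator

def permissions_required(permissions):
    def _check(user):
        return user.is_authenticated and all(user.has_perm(p) for p in permissions)
    return user_passes_test(_check)

def audit_view(view):
    """Follow the __wrapped__ chain and read permissions out of test closures."""
    result = {"login_required": False, "permissions": [], "unrecognized_tests": 0}
    func = view
    while inspect.isfunction(func):
        test = inspect.getclosurevars(func).nonlocals.get("test_func")
        if inspect.isfunction(test):
            test_vars = inspect.getclosurevars(test).nonlocals
            if "permissions" in test_vars:  # shape of permissions_required
                result["login_required"] = True
                result["permissions"] += list(test_vars["permissions"])
            else:  # some other test: flag it instead of guessing
                result["unrecognized_tests"] += 1
        func = getattr(func, "__wrapped__", None)
    return result

# Constructed sample views.
@permissions_required(["shop.view_dashboard", "shop.change_order"])
def dashboard(request):
    return "dashboard"

@user_passes_test(lambda user: user.is_superuser)
def maintenance(request):
    return "maintenance"

def storefront(request):
    return "storefront"
```

A view whose test function is not recognized is counted separately, so an audit report can list it for manual review instead of showing it as unprotected.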