Closed jayvdb closed 3 years ago
In my projects, I blacklist these like so:
PERMISSIONS_AUDITOR_BLACKLIST = {
'namespaces': [
...
],
'view_names': [
'django.views.generic.base.RedirectView',
],
'modules': [
...
]
]
I'll consider adding this setting to the defaults. Thanks for the report.
Adding that to defaults sounds like a good solution.
I have a set of views grouped under "django.views.generic.base" that are all
RedirectView
.They are from a wide variety of installable apps, so grouping them under "django.views.generic.base" is a bit confusing.
Many are paths ending in
/
like/admin/socialaccount/socialapp/<path:object_id>/
. These are a special case, redirecting to the same path without the trailing/
. Many of them are under/admin/..
but they have "login required"= false.It would be nice to hide these by default, behind a setting like "
IGNORE_ADMIN_SLASH_REDIRECTS
".In addition I have the following, again all "login required"= false, yet all except
/oscar/
need auth, possibly only needing auth on the redirect target rather than the path being redirected.