By default the permission_required decorator redirects to the login url
when you don't have sufficient permissions. The result of this is if
a user navigates to a page they don't have permission to view they end
up in an infinite redirect loop between the forbidden page and the login page.
This change will allow logged out users a chance to login but return
forbidden when you don't have sufficient permissions.
By default the
permission_required
decorator redirects to the login url when you don't have sufficient permissions. The result of this is if a user navigates to a page they don't have permission to view they end up in an infinite redirect loop between the forbidden page and the login page.This change will allow logged out users a chance to login but return forbidden when you don't have sufficient permissions.