Open duncanparkes opened 9 years ago
I think the best solution here is probably for us to fix the issue in django-allauth, and run off a fork if necessary.
any progress? I have this bug, too
No progress, I'm afraid, but could you expand on how this affects you? It's a bit annoying, but as I understand it it should only affect you if you try and edit something you don't have permission to, which hopefully doesn't arise often.
I had just figured that out, dracos, tx. However, if I were a stickler for automated tests, I would like a test that logs in as "scurrilous_cretin", attempts to hit the wrong page, and receives a polite error message. Other than that, I will indeed add non-braces code to the links that access this page, to take it out of scurrilous_cretin's UX
I'm not sure where is the best place to log this issue, as it's really an unfortunate collection of small things from about five different repos.
If one logs in as a normal user (not superuser) and then visits the url of a page which inherits from
InstanceFormMixin
for an instance that that user doesn't have rights on, you are redirected to the login page. The login page on django-allauth then sees that you're already logged in and redirects you to the 'next' url, which is where you tried to visit in the first place - an infinite redirect loop.There's an issue logged on django-allauth suggesting it should behave like normal django.contrib.auth and always display the
LoginView
without redirecting (https://github.com/pennersr/django-allauth/issues/686).SayIt itself, and indeed django-subdomain-instances know nothing of allauth and wouldn't experience this problem just using the login view from django.contrib.auth.