On Jul 25, 12:23 pm, Alexey Luchko <[email protected]> wrote: > On 23.07.2011 18:13,dpapathanasiouwrote: > I've got a question on the solution. Does it allow access to the other app > by direct url after successful login and redirect?
No, because the decorator function checks the Group of request.user and rejects the request if it's the wrong Group for this app. Each app has its own signup function, and every new user gets exactly one Group assignment, based on from which he registered. One possible hole, though, is through the admin site: if a rogue administrator assigns a user both Groups, then that user would gain access exactly as you describe. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
