staff_member_required 和 user_passes_test 之间的区别

Question

I've a doubt about the use of this two decorators. In my project I've some view in which I will allow the access only to the staff member. These are restricted area in which a staff can create a post or modify something about the user profile. This area is the admin area of my web site but is not a default django admin. I've create a backend area that doesn't use django admin site.

I've this view:

MODE 1

from django.contrib.admin.views.decorators import staff_member_required

@staff_member_required(login_url='login')
def staff_site(request):
    some code here

MODE 2

from django.contrib.auth.decorators import user_passes_test

@user_passes_test(lambda u:u.is_staff, login_url='login')
def staff_site(request):
    some code here

What is the right way that I must use for my aim?

Answer 1

They're both exactly the same. I would use @staff_member_required because it's less typing.

Under the hood, Django uses user_passes_test anyway, staff_member_required is just a shortcut. Here is the source code from Django:

from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.decorators import user_passes_test


def staff_member_required(view_func=None, redirect_field_name=REDIRECT_FIELD_NAME,
                          login_url='admin:login'):
    """
    Decorator for views that checks that the user is logged in and is a staff
    member, redirecting to the login page if necessary.
    """
    actual_decorator = user_passes_test(
        lambda u: u.is_active and u.is_staff,
        login_url=login_url,
        redirect_field_name=redirect_field_name
    )
    if view_func:
        return actual_decorator(view_func)
    return actual_decorator