Infinite Redirected Loop when Accessing Django Rosetta Page with users other than superuser
oussama-he opened this issue
- Which version of Django are you using?: 4.2.5
- Which version of django-rosetta are you using?: 0.9.9
- Have you looked through recent issues and checked this isn't a duplicate? Yes
When attempting to access the rosetta page localhost:8000/rosetta, I am experiencing an infinite redirected loop. This means that the page continuously redirects to the login page, which itself redirects to the rosetta page and so on, resulting in an endless loop without successfully showing a 403 page or something.
[31/Oct/2023 15:16:00] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:00] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:00] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:02] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:02] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
...
Expected Behavior:
The expected behavior is that when accessing the page with a user other than the admin (superuser), it should load a 403 page without any redirection issues or loops.
I'm asking if there is a setting to fix this or if it is a bug because I've tried the ROSETTA_ACCESS_CONTROL_FUNCTION setting, but the same behavior was kept.
Thank you in advance.
It seems to me that:
- You are logged in (and hence your /accounts/login/ does not display the login form but instead redirects to the value of ?next), but
- The logged in user doesn't have enough privileges to edit PO files through Rosetta, as defined by ROSETTA_ACCESS_CONTROL_FUNCTION.
In either case, the fix would be to
- Fix your redirecting view to check that the user has enough privileges to edit PO files, when trying to redirect to a Rosetta URL, or
- Adapt ROSETTA_ACCESS_CONTROL_FUNCTION to allow editing PO files if the user is already logged in.
Either way, this really depends on your setup / your user management policies, and is not really a Rosetta issue.
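
The loop in the log above and the first fix suggested in the reply, as an added example that is not part of the original thread and is not Django or Rosetta code: a small pure-Python model of the two views. The `User` class, the view functions, `follow` and the superuser-only `can_translate` policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from urllib.parse import urlencode, urlsplit, parse_qs

LOGIN_URL = "/accounts/login/"
ROSETTA_PREFIX = "/rosetta/"

@dataclass
class User:  # constructed stand-in for a Django user object
    is_authenticated: bool = False
    is_superuser: bool = False

def can_translate(user):
    # Same shape as a ROSETTA_ACCESS_CONTROL_FUNCTION: user in, bool out.
    # The superuser-only policy is an assumption matching the issue title.
    return user.is_authenticated and user.is_superuser

def rosetta_view(user, path):
    # Failing the access check redirects to login, as the 302s in the log show.
    if can_translate(user):
        return 200, None
    return 302, LOGIN_URL + "?" + urlencode({"next": path})

def login_view_before(user, next_url):
    # Behaviour described in the reply: a logged-in user is bounced to ?next.
    if user.is_authenticated:
        return 302, next_url
    return 200, None  # anonymous user sees the login form

def login_view_after(user, next_url):
    # Fix: check privileges before redirecting a logged-in user to Rosetta.
    if user.is_authenticated:
        if next_url.startswith(ROSETTA_PREFIX) and not can_translate(user):
            return 403, None
        return 302, next_url
    return 200, None

def follow(user, start, login_view, max_hops=10):
    """Follow redirects like a browser; return (final_status, hops)."""
    url, hops = start, 0
    while hops <= max_hops:
        parts = urlsplit(url)
        if parts.path == LOGIN_URL:
            nxt = parse_qs(parts.query).get("next", ["/"])[0]
            status, location = login_view(user, nxt)
        else:
            status, location = rosetta_view(user, parts.path)
        if status != 302:
            return status, hops
        url, hops = location, hops + 1
    return "loop", hops
```

With a logged-in non-superuser, `login_view_before` never terminates within the hop limit, while `login_view_after` ends in a 403 after a single redirect.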