0
0
Djangoframework~20 mins

Permission required decorator in Django - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Permission Decorator Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
component_behavior
intermediate
2:00remaining
What happens when a user without permission accesses a view with @permission_required?
Consider a Django view decorated with @permission_required('app.view_item'). What is the typical behavior if a logged-in user lacks this permission?
Django
from django.contrib.auth.decorators import permission_required
from django.http import HttpResponse

@permission_required('app.view_item')
def my_view(request):
    return HttpResponse('Access granted')
AThe user is redirected to the login page only if not authenticated; otherwise, a 403 error is shown.
BThe user can access the view without any restriction.
CThe user sees a 403 Forbidden error page.
DThe user is redirected to the login page regardless of authentication status.
Attempts:
2 left
💡 Hint
Think about how Django handles permissions differently for authenticated and anonymous users.
📝 Syntax
intermediate
2:00remaining
Identify the correct syntax to require multiple permissions with @permission_required
Which of the following correctly requires both 'app.view_item' and 'app.change_item' permissions on a Django view?
A
@permission_required('app.view_item')
def my_view(request): pass
@permission_required('app.change_item')
B
@permission_required('app.view_item', 'app.change_item')
def my_view(request): pass
C
@permission_required(['app.view_item', 'app.change_item'])
def my_view(request): pass
D
@permission_required('app.view_item')
@permission_required('app.change_item')
def my_view(request): pass
Attempts:
2 left
💡 Hint
Think about stacking decorators to require multiple permissions.
🔧 Debug
advanced
2:00remaining
Why does this @permission_required decorator not work as expected?
This view should require 'app.delete_item' permission, but users without permission can access it. What is the problem?
Django
from django.contrib.auth.decorators import permission_required
from django.http import HttpResponse

@permission_required
def my_view(request):
    return HttpResponse('Deleted')
AThe decorator is missing parentheses after @permission_required.
BThe permission string is incorrect; it should be 'app.delete_items' plural.
CThe view is missing the login_required decorator, so permission is not checked.
DThe view is a function-based view but the decorator only works on class-based views.
Attempts:
2 left
💡 Hint
Check how decorators are applied in Python syntax.
state_output
advanced
2:00remaining
What is the HTTP status code returned when permission is denied by @permission_required?
When a logged-in user lacks the required permission for a view decorated with @permission_required, what HTTP status code does Django return?
A200 OK
B302 Found (redirect to login)
C403 Forbidden
D404 Not Found
Attempts:
2 left
💡 Hint
Think about the meaning of HTTP status codes for permission issues.
🧠 Conceptual
expert
3:00remaining
How to customize the redirect URL for unauthorized users with @permission_required?
By default, @permission_required redirects unauthorized users to the login page. How can you change this redirect URL to a custom page?
AOverride the <code>LOGIN_REDIRECT_URL</code> setting in Django settings.py.
BPass the <code>login_url</code> parameter to the decorator with the custom URL.
CUse a middleware to intercept permission errors and redirect manually.
DModify the view to catch PermissionDenied exceptions and redirect.
Attempts:
2 left
💡 Hint
Check the parameters accepted by the decorator.