Fixed #703: added decorators to require that view be called with a given HTTP REQUEST_METHOD

git-svn-id: http://code.djangoproject.com/svn/django/trunk@1016 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-10-28 01:30:30 +00:00 · 2005-10-28 01:30:30 +00:00 · e7c870c36e
parent c3377c1eae
commit e7c870c36e
1 changed files with 28 additions and 2 deletions
--- a/django/views/decorators/http.py
+++ b/django/views/decorators/http.py
@ -1,9 +1,35 @@
 """
-Decorator for views that supports conditional get on ETag and Last-Modified
-headers.
+Decorators for views based on HTTP headers.
 """

 from django.utils.decorators import decorator_from_middleware
 from django.middleware.http import ConditionalGetMiddleware
+from django.utils.httpwrappers import HttpResponseForbidden

 conditional_page = decorator_from_middleware(ConditionalGetMiddleware)
+
+def require_http_methods(request_method_list):
+    """
+    Decorator to make a view only accept particular request methods.  Usage::
+    
+        @require_http_methods(["GET", "POST"])
+        def my_view(request):
+            # I can assume now that only GET or POST requests make it this far
+            # ...    
+            
+    Note that request methods ARE case sensitive.
+    """
+    def decorator(func):
+        def inner(request, *args, **kwargs):
+            method = request.META.get("REQUEST_METHOD", None) 
+            if method not in request_method_list:
+                raise HttpResponseForbidden("REQUEST_METHOD '%s' not allowed" % method)
+            return func(request, *args, **kwargs)
+        return inner
+    return decorator
+
+require_GET = require_http_methods(["GET"])
+require_GET.__doc__ = "Decorator to require that a view only accept the GET method."
+
+require_POST = require_http_methods(["POST"])
+require_POST.__doc__ = "Decorator to require that a view only accept the POST method."