DJG301

Django permission required mixin for a class-based-view must be the first base class. If not, the logic can silently be bypassed.

Fixes

Good :

class MyView(PermissionRequiredMixin, View):
    permission_required = 'polls.add_choice'

Bad :

class MyView(View, PermissionRequiredMixin):
    permission_required = 'polls.add_choice'

See Also

• DJG300
• documentation