DJG301¶
Django permission required mixin for a class-based-view must be the first base class. If not, the logic can silently be bypassed.
Fixes¶
Good :
class MyView(PermissionRequiredMixin, View):
permission_required = 'polls.add_choice'
Bad :
class MyView(View, PermissionRequiredMixin):
permission_required = 'polls.add_choice'