On Mon, 2006-07-10 at 20:05 -0700, Gary Wilson wrote: > Proposing an is_loggedin method for User and AnonymousUser models. > > Templates treat non-existing variables as False; therefore; a > request.user somehow failing to get assigned would result in the > template treating the user as they are authenticated (is_anonymous > evaluates False). An is_loggedin would be a more secure option because > if request.user failed to get assigned, the template would treat the > user as anonymous. > > I would much rather mistakenly treat an authenticated user as anonymous > than mistakenly treat an anonymous user as authenticated. > > is_anonymous could be changed to return the negation of is_loggedin.
I like this. :-) I would prefer to declare is_anonymous as deprecated, though, rather than just make it work transparently again. Then we can consider removing it in some weeks/months (prior to 1.0). It will always be dangerous if your above logic is correct -- just tying it to is_logged_in (is_authenticated?) does not change that -- so we should force people to use the right method. Malcolm --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers -~----------~----~----~----~------~----~------~--~---
